Auto-merge PR#2483

2025-06-19 17:32:41 +00:00 · 2019-08-21 14:31:27 -04:00 · 2019-08-21 14:31:27 -04:00 · e0813b3a13
commit e0813b3a13
parent 23ea0ecf58 000ae041bb
1 changed files with 73 additions and 4 deletions
--- a/2019/1xxx/CVE-2019-1938.json
+++ b/2019/1xxx/CVE-2019-1938.json
@ -1,8 +1,34 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2019-08-21T16:00:00-0700",
        "ID": "CVE-2019-1938",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
        "TITLE": "Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco Unified Computing System Director ",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "6.7.3.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +37,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs. "
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-287"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20190821 Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-20190821-ucsd-authbypass",
        "defect": [
            [
                "CSCvp69746"
            ]
        ],
        "discovery": "INTERNAL"
    }
-}
+}