Adding Cisco CVE-2019-1908

2025-07-30 18:04:30 +00:00 · 2019-08-21 18:21:22 +00:00 · 2019-08-21 18:21:22 +00:00 · f077eed56e
commit f077eed56e
parent 0f2cd65879
1 changed files with 73 additions and 4 deletions
--- a/2019/1xxx/CVE-2019-1908.json
+++ b/2019/1xxx/CVE-2019-1908.json
@ -1,8 +1,34 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2019-08-21T16:00:00-0700",
        "ID": "CVE-2019-1908",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Integrated Management Controller Information Disclosure Vulnerability"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Unified Computing System (Management Software) ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "affected": "<",
+                                            "version_value": "3.0(4k)"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +37,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks. "
            }
        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "7.5",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-200"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20190821 Cisco Integrated Management Controller Information Disclosure Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20190821-imc-infodisc",
+        "defect": [
+            [
+                "CSCvo36096"
+            ]
+        ],
+        "discovery": "INTERNAL"
    }
-}
+}