mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
87 lines
3.1 KiB
JSON
87 lines
3.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "psirt@cisco.com",
|
|
"DATE_PUBLIC": "2019-08-21T16:00:00-0700",
|
|
"ID": "CVE-2019-1863",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Cisco Integrated Management Controller Privilege Escalation Vulnerability"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Cisco Unified Computing System E-Series Software (UCSE) ",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"affected": "<",
|
|
"version_value": "2.0(13o)"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Cisco"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": {
|
|
"baseScore": "6.5",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N ",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-285"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "20190821 Cisco Integrated Management Controller Privilege Escalation Vulnerability",
|
|
"refsource": "CISCO",
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "cisco-sa-20190821-imc-privilege",
|
|
"defect": [
|
|
[
|
|
"CSCvn21011"
|
|
]
|
|
],
|
|
"discovery": "INTERNAL"
|
|
}
|
|
} |