Cisco Integrated Management Controller Information Disclosure Vulnerability
CVE-2019-1627

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Computing System (management Software)
Vendor: CVE Published:; 20 June 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.

Affected Version(s)

Cisco Unified Computing System (Management Software) < 4.0(4b)

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/108847

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Jun 20, 2019
Vulnerability Reserved
Dec 6, 2018