CVE-2019-1935

{"id": "CVE-2019-1935", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-08-21T19:15:15.277", "references": [{"url": "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/36", "tags": ["Mailing List", "Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://seclists.org/bugtraq/2019/Aug/49", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/154305/Cisco-UCS-Director-Default-scpuser-Password.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/36", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Aug/49", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, y Cisco UCS Director Express for Big Data podr\u00eda permitir que un atacante remoto no autenticado inicie sesi\u00f3n en la CLI de un sistema afectado utilizando la cuenta de usuario SCP (scpuser) , que tiene credenciales de usuario predeterminadas. La vulnerabilidad se debe a la presencia de una cuenta predeterminada documentada con una contrase\u00f1a predeterminada no documentada y una configuraci\u00f3n de permisos incorrecta para esa cuenta. El cambio de la contrase\u00f1a predeterminada para esta cuenta no se aplica durante la instalaci\u00f3n del producto. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando la cuenta para iniciar sesi\u00f3n en un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios con los privilegios de la cuenta scpuser. Esto incluye acceso completo de lectura y escritura a la base de datos del sistema."}], "lastModified": "2024-11-21T04:37:43.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B97B4B36-28E2-4550-B766-BA10DE00A33D", "versionEndIncluding": "2.2.0.6", "versionStartIncluding": "2.2.0.0"}, {"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "512DAB16-F482-424A-AC39-69977B775AA4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ucs_director:6.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F6460C-AD67-4B0A-A900-798E7A2A92C3"}, {"criteria": "cpe:2.3:a:cisco:ucs_director:6.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DB174AA-261E-4252-AF4E-463EB72309D2"}, {"criteria": "cpe:2.3:a:cisco:ucs_director:6.6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F95E9D60-7976-4CFB-B36B-0BC6675FA383"}, {"criteria": "cpe:2.3:a:cisco:ucs_director:6.6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E99B2DD-0E27-42FE-AE41-BE9FE8E78D4F"}, {"criteria": "cpe:2.3:a:cisco:ucs_director:6.7\\(0.0.67265\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDB592A9-56F6-422A-9698-09AFB96BE298"}, {"criteria": "cpe:2.3:a:cisco:ucs_director:6.7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53FB8D53-BF77-443F-947A-79A6268CCC5B"}, {"criteria": "cpe:2.3:a:cisco:ucs_director:6.7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16313A1-5D0B-4C91-B476-A9352A11AEE4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93BE2DF4-CD88-407C-BDF6-ADD6001E3822"}, {"criteria": "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D361A6E-1F55-4CB0-97A3-A96042E7AFB8"}, {"criteria": "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "451ABC79-936F-469E-B1D8-ADB3EDCA52F3"}, {"criteria": "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D842353-38D3-4F67-BAAC-EFEBDA7511D6"}, {"criteria": "cpe:2.3:a:cisco:ucs_director_express_for_big_data:3.7.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B9E1E3-F91D-4EB6-B7FA-8BC72DC38006"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}