Main Vulnerability Database Exploits ID:6001 - Exploit for Improper Authentication in Cisco Systems, Inc products - CVE-2019-1937

ID:6001 - Exploit for Improper Authentication in Cisco Systems, Inc products - CVE-2019-1937

Published: June 17, 2021

Vulnerability identifier: #VU20429

Vulnerability risk: High

CVE-ID: CVE-2019-1937

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Cisco UCS Director Express for Big Data
Cisco UCS Director
Cisco Integrated Management Controller Supervisor

Link to public exploit:

https://www.exploit-db.com/exploits/47313/

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists in the web-based management interface due to insufficient request header validation during the authentication process. A remote attacker can send a series of malicious requests to an affected device, use the acquired session token and gain full administrator access to the affected device.

Remediation

Install updates from vendor's website.

ID:6001 - Exploit for Improper Authentication in Cisco Systems, Inc products - CVE-2019-1937

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human