CVE-2019-1627

CVE Database · CVE-2019-1627

CVE-2019-1627

· MEDIUMModified

CVSS v3.1

6.5

EPSS

1.19%

Published

Jun 20, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-78CWE-312

Affected Products (2)

cisco · integrated_management_controllervulnerable

cisco · unified_computing_systemvulnerable

References (4)

http://www.securityfocus.com/bid/108847

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl

Vendor Advisory

http://www.securityfocus.com/bid/108847

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-imc-infodiscl

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs