CVE-2019-1900
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
21/08/2019
Last modified:
31/03/2023
Description
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:unified_computing_system:4.0\(1c\)hs3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:* | 4.0.0.0 (including) | 4.0\(2f\) (excluding) |
| cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page