A vulnerability in the web-based... CVE-2019-1937

10.0 AV AC AU C I A
发布: 2019-08-21
修订: 2019-09-10

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.

0%
当前有2条漏洞利用/PoC
当前有2条受影响产品信息