CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1863

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.7%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 9.0

References

Products affected by CVE-2019-1863

Cisco » Integrated Management Controller Supervisor » Version: Any

cpe:2.3:a:cisco:integrated_management_controller_supervisor:*
Cisco » Unified Computing System » Version: 4.0(1c)hs3

cpe:2.3:a:cisco:unified_computing_system:4.0(1c)hs3
Cisco » Encs 5100 » Version: N/A

cpe:2.3:h:cisco:encs_5100:-
Cisco » Encs 5400 » Version: N/A

cpe:2.3:h:cisco:encs_5400:-
Cisco » Ucs-E1120d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e1120d-m3:-
Cisco » Ucs-E140s-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e140s-m2:-
Cisco » Ucs-E160d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e160d-m2:-
Cisco » Ucs-E160s-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e160s-m3:-
Cisco » Ucs-E168d-M2 » Version: N/A

cpe:2.3:h:cisco:ucs-e168d-m2:-
Cisco » Ucs-E180d-M3 » Version: N/A

cpe:2.3:h:cisco:ucs-e180d-m3:-
Cisco » Ucs C125 M5 » Version: N/A

cpe:2.3:h:cisco:ucs_c125_m5:-
Cisco » Ucs C4200 » Version: N/A

cpe:2.3:h:cisco:ucs_c4200:-
Cisco » Ucs S3260 » Version: N/A

cpe:2.3:h:cisco:ucs_s3260:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1863

Products

Pricing

Contact Us