CVE-2019-1863

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to make unauthorized changes to the system configuration. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow a user with read-only privileges to change critical system configurations using administrator privileges.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	HIGH
CVSS	8.1
EPSS	-
CWE	CWE-285
KEV
Published	6 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Unified Computing System (Standalone)	cisco-sa-20190821-imc-privilege	structured affected CSAF product_status
Cisco Unified Computing System E-Series Software (UCSE)	cisco-sa-20190821-imc-privilege	structured affected CSAF product_status
Cisco Unified Computing System (Management Software)	cisco-sa-20190821-imc-privilege	structured affected CSAF product_status
Cisco 5000 Series Enterprise Network Compute System	cisco-sa-20190821-imc-privilege	structured affected CSAF product_status