{"containers": {"cna": {"affected": [{"product": "Cisco Unified Computing System (Management Software)", "vendor": "Cisco", "versions": [{"lessThan": "3.0(4k)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-21T18:25:28", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190821 Cisco Integrated Management Controller Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc"}], "source": {"advisory": "cisco-sa-20190821-imc-infodisc", "defect": [["CSCvo36096"]], "discovery": "INTERNAL"}, "title": "Cisco Integrated Management Controller Information Disclosure Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-21T16:00:00-0700", "ID": "CVE-2019-1908", "STATE": "PUBLIC", "TITLE": "Cisco Integrated Management Controller Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Unified Computing System (Management Software)", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "3.0(4k)"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.5", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "20190821 Cisco Integrated Management Controller Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc"}]}, "source": {"advisory": "cisco-sa-20190821-imc-infodisc", "defect": [["CSCvo36096"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:35:52.083Z"}, "title": "CVE Program Container", "references": [{"name": "20190821 Cisco Integrated Management Controller Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1908", "datePublished": "2019-08-21T18:25:28.253997Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-09-16T23:26:16.018Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\)hs3:*:*:*:*:*:*:*", "matchCriteriaId": "39F8601E-730B-489B-AD2A-FD10FAF28595", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "416F7C96-3EF0-4B6D-B414-3FC0D0848144", "versionEndExcluding": "2.0\\(13o\\)", "versionStartIncluding": "2.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "0056011A-04F0-4185-8EE7-B1B30CAAA863", "versionEndExcluding": "3.0\\(4k\\)", "versionStartIncluding": "3.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "59EE9E78-D09E-4069-BC84-ED42E3EE76F1", "versionEndExcluding": "4.0\\(4b\\)", "versionStartIncluding": "4.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5549F4C-CF65-4F22-9675-EFAA99964CA0", "versionEndExcluding": "4.0\\(2f\\)", "versionStartIncluding": "4.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD25964B-08B7-477E-A507-5FE5EE7CD286", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDC8A69-0914-44C1-8AEA-262E0A285C81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to view sensitive system information. The vulnerability is due to insufficient security restrictions imposed by the affected software. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional attacks."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la Interfaz de administraci\u00f3n de plataforma inteligente (IPMI) de Cisco Integrated Management Controller (IMC) podr\u00eda permitir que un atacante remoto no autenticado vea informaci\u00f3n confidencial del sistema. La vulnerabilidad se debe a restricciones de seguridad insuficientes impuestas por el software afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ver informaci\u00f3n confidencial que pertenece a otros usuarios. El atacante podr\u00eda usar esta informaci\u00f3n para realizar ataques adicionales."}], "id": "CVE-2019-1908", "lastModified": "2020-10-16T14:52:05.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-21T19:15:15.230", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}