Cisco has released security fixes to address 17 critical and high-severity vulnerabilities affecting some Cisco Unified Computing products.
Most of the flaws
The critical flaws impacting the CISCO UCS addressed by the tech giant are CVE-2019-1937, CVE-2019-1974, CVE-2019-1935 and CVE-2019-1938. These flaws could be exploited by remote, unauthenticated attackers to gain elevated privileges, including administrator permissions, on the targeted system.
A remote attacker could exploit the vulnerabilities by sending specially crafted requests and abusing default credentials.
“A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication.” reads the advisory for the CVE-2019-1937 flaw.
“The vulnerability is due to
Cisco addressed also multiple
Some of the flaws addressed by Cisco have been reported by the security researcher Pedro Ribeiro, aka “
The good news is that Cisco is not aware of attacks in the wild that have exploited the flaws in UCS and IMC products.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.