Cisco has released security fixes to address 17 critical and high-severity vulnerabilities affecting some Cisco Unified Computing products.
Most of the flaws
The critical flaws affecting Cisco UCS that the tech giant addressed are CVE-2019-1937, CVE-2019-1974, CVE-2019-1935 and CVE-2019-1938. These flaws could be exploited by remote, unauthenticated attackers to gain elevated privileges, including administrator permissions, on the targeted system.
A remote attacker could exploit the vulnerabilities by sending specially crafted requests and abusing default credentials.
“A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication,” reads the advisory for the CVE-2019-1937 flaw.
“The vulnerability is due to
Cisco also addressed multiple
Some of the flaws addressed by Cisco have been reported by the security researcher Pedro Ribeiro, aka “
The good news is that Cisco is not aware of attacks in the wild that have exploited the flaws in UCS and IMC products.