CVE-2019-1936

HIGH

Cisco IMC Supervisor/UCS Director - Authenticated RCE via Web Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1936. Includes Metasploit module exploits/linux/http/cisco_ucs_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2019-1936 (command injection) and CVE-2019-1937 (authentication bypass) in Cisco UCS Director to achieve unauthenticated remote code execution as root. It leverages crafted HTTP requests with specific headers to bypass authentication and inject a reverse shell payload.

Description

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_ucs_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2019-1936 (command injection) and CVE-2019-1937 (authentication bypass) in Cisco UCS Director to achieve unauthenticated remote code execution as root. It leverages crafted HTTP requests with specific headers to bypass authentication and inject a reverse shell payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cisco UCS Director < 6.7.2.0

No auth needed

Prerequisites: Network access to the target · Target running vulnerable Cisco UCS Director version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 22, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj

Broken Link, Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/49

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154239/Cisco-UCS-IMC-Supervisor-Authentication-Bypass-Command-Injection.html

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2019/Aug/36

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154308/Cisco-UCS-Director-Unauthenticated-Remote-Code-Execution.html

Scores

CVSS v3 7.2

EPSS 0.6627

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (14)

cisco/integrated_management_controller_supervisor 2.1.0.0

cisco/integrated_management_controller_supervisor 2.2.0.0 - 2.2.0.6

cisco/ucs_director 6.0.0.0

cisco/ucs_director 6.5.0.0

cisco/ucs_director 6.6.0.0

cisco/ucs_director 6.6.1.0

cisco/ucs_director 6.7\(0.0.67265\)

cisco/ucs_director 6.7.0.0

cisco/ucs_director 6.7.1.0

cisco/ucs_director_express_for_big_data 3.0.0.0

... and 4 more

Published Aug 21, 2019

Tracked Since Feb 18, 2026