CVE-2019-1938

CRITICAL

Cisco UCS Director and UCS Director Express for Big Data - Authentication Bypass via Crafted HTTP Requests

Description

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Scores

CVSS v3 9.8
EPSS 0.0457
EPSS Percentile 90.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-287
Status published
Products (4)
cisco/ucs_director 6.7.0.0
cisco/ucs_director 6.7.1.0
cisco/ucs_director_express_for_big_data 3.7.0.0
cisco/ucs_director_express_for_big_data 3.7.1.0
Published Aug 21, 2019
Tracked Since Feb 18, 2026