Rewterz Threat Advisory – CVE-2019-1938 – Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability

Severity

High

Analysis Summary

The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Impact

Privilege access

Affected Vendors

Cisco

Affected Products

• Cisco UCS Director
• Cisco UCS Director Express for Big Data

Remediation

Please see vendor’s advisory for more details

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass