Situation
Critical vulnerabilities have been found in Cisco’s Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data.
Problem
Four critical vulnerabilities have been found impacting UCS Director and UCS Director Express for Big Data. Three of the four also impact IMC Supervisor.
The vulnerabilities and the products they affect:
- Two authentication bypass vulnerabilities affecting IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases (CVE-2019-1937, CVE-2019-1974)
- Secure copy (SCP) user default credentials vulnerability affecting IMC Supervisor, UCS Director, and UCS Director Express for Big Data releases (CVE-2019-1935)
- Application programming interface (API) authentication bypass vulnerability found in UCS Director and UCS Director Express for Big Data releases (CVE-2019-1938)
Implication
For the two authentication bypass vulnerabilities, an attacker could exploit either one by sending a series of malicious requests to an affected device. A successful exploit could allow the attacker to gain full administrator access to the affected device.
For the SCP user default credentials vulnerability, an attacker could exploit it by logging in to an affected system with the default credentials of the scpuser account. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account, which include full read and write access to the system's database.
For the API authentication bypass vulnerability, an attacker could exploit it by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.
Need
What can people do to address the issue?
Cisco has patched the four critical flaws and advises customers to mitigate potential attacks by installing the following software releases:
- Cisco Integrated Management Controller Supervisor releases 2.2.1.0 and later
- Cisco UCS Director releases 6.7.2.0 and later (recommended: 6.7.3.0)
- Cisco UCS Director Express for Big Data releases 3.7.2.0 and later (recommended: 3.7.3.0)
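As an added triage helper, not part of the Cisco advisory, the check below compares a deployed release string against the fixed releases listed above and reports which of the advisory's CVEs still apply. The product names used as dictionary keys and the zero-padded version comparison are assumptions of this example.

```python
# Fixed and recommended releases per product, as stated in the advisory
# (IMC Supervisor has no separate recommended release, so fixed is reused).
FIXED_RELEASES = {
    "IMC Supervisor": ("2.2.1.0", "2.2.1.0"),
    "UCS Director": ("6.7.2.0", "6.7.3.0"),
    "UCS Director Express for Big Data": ("3.7.2.0", "3.7.3.0"),
}

# CVEs the advisory lists per product; CVE-2019-1938 does not affect IMC Supervisor.
_COMMON = ["CVE-2019-1937", "CVE-2019-1974", "CVE-2019-1935"]
AFFECTED_CVES = {
    "IMC Supervisor": _COMMON,
    "UCS Director": _COMMON + ["CVE-2019-1938"],
    "UCS Director Express for Big Data": _COMMON + ["CVE-2019-1938"],
}


def parse_version(release):
    """Turn '6.7.2.0' into (6, 7, 2, 0); reject non-numeric strings loudly."""
    parts = release.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable release string: {release!r}")
    return tuple(int(p) for p in parts)


def is_older(running, fixed):
    """True when `running` sorts strictly before `fixed`.

    Shorter strings are zero-padded so '6.7.2' equals '6.7.2.0'; plain tuple
    comparison would instead sort the shorter one first and misreport it.
    """
    a, b = parse_version(running), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def assess(product, running):
    """Report whether a deployed release is below the advisory's fixed release."""
    fixed, recommended = FIXED_RELEASES[product]
    vulnerable = is_older(running, fixed)
    return {
        "product": product,
        "running": running,
        "vulnerable": vulnerable,
        "cves": AFFECTED_CVES[product] if vulnerable else [],
        "upgrade_to": recommended,
    }
```

For instance, `assess("UCS Director", "6.7.1.0")` flags all four CVEs and points at 6.7.3.0, while `assess("IMC Supervisor", "2.1.0.0")` lists only the three that affect that product.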