-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2019-August-21.
The following PSIRT security advisories (4 Critical, 14 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability – SIR: Critical
2) Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability – SIR: Critical
3) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability – SIR: Critical
4) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability – SIR: Critical
5) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability – SIR: High
6) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability – SIR: High
7) Cisco Integrated Management Controller Information Disclosure Vulnerability – SIR: High
8) Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability – SIR: High
9) Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability – SIR: High
10) Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability – SIR: High
11) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High
12) Cisco Integrated Management Controller CLI Command Injection Vulnerability – SIR: High
13) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High
14) Cisco Integrated Management Controller Buffer Overflow Vulnerability – SIR: High
15) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High
16) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High
17) Cisco Integrated Management Controller Privilege Escalation Vulnerability – SIR: High
18) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High
+--------------------------------------------------------------------
1) Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
CVE-2019-1974
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass
+--------------------------------------------------------------------
2) Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability
CVE-2019-1938
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass
+--------------------------------------------------------------------
3) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
CVE-2019-1937
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby
+--------------------------------------------------------------------
4) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability
CVE-2019-1935
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred
+--------------------------------------------------------------------
5) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability
CVE-2019-12634
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos
+--------------------------------------------------------------------
6) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability
CVE-2019-1936
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj
+--------------------------------------------------------------------
7) Cisco Integrated Management Controller Information Disclosure Vulnerability
CVE-2019-1908
SIR: High
CVSS Score v(3.0): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc
+--------------------------------------------------------------------
8) Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability
CVE-2019-1907
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal
+--------------------------------------------------------------------
9) Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability
CVE-2019-1900
SIR: High
CVSS Score v(3.0): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos
+--------------------------------------------------------------------
10) Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability
CVE-2019-1896
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896
+--------------------------------------------------------------------
11) Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1885
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc
+--------------------------------------------------------------------
12) Cisco Integrated Management Controller CLI Command Injection Vulnerability
CVE-2019-1883
SIR: High
CVSS Score v(3.0): 7.0
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject
+--------------------------------------------------------------------
13) Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1634
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634
+--------------------------------------------------------------------
14) Cisco Integrated Management Controller Buffer Overflow Vulnerability
CVE-2019-1871
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo
+--------------------------------------------------------------------
15) Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1865
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865
+--------------------------------------------------------------------
16) Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1864
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864
+--------------------------------------------------------------------
17) Cisco Integrated Management Controller Privilege Escalation Vulnerability
CVE-2019-1863
SIR: High
CVSS Score v(3.0): 6.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege
+--------------------------------------------------------------------
18) Cisco Integrated Management Controller Command Injection Vulnerability
CVE-2019-1850
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com