CVE-2019-1627 — Vulnetix

CVE-2019-1627 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the Server Utilities of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to gain unauthorized access to sensitive user information from the configuration data that is stored on the affected system. The vulnerability is due to insufficient protection of data in the configuration file. An attacker could exploit this vulnerability by downloading the configuration file. An exploit could allow the attacker to use the sensitive information from the file to elevate privileges.

EPSS 0.15% · 34.9th percentile

Risk Scores

CVSS 3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.15%

34.9th percentile

Affected Products

Vendor	Product	Versions
cisco	unified_computing_system	4.0\(1c\)hs3
Cisco	Cisco Unified Computing System (Management Software)	unspecified
cisco	integrated_management_controller

Exploit Intelligence

20190619 Cisco Integrated Management Controller Information Disclosure Vulnerability (circl)
108847 (circl)

Timeline

Jun 19, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
May 24, 2022 CVE Updated
Jul 3, 2022 EPSS Score

References

20190619 Cisco Integrated Management Controller Information Disclosure Vulnerability vendor-advisory
108847 vdb
https://nvd.nist.gov/vuln/detail/CVE-2019-1627 advisory

Open in Interactive Console →