Cisco has fixed multiple vulnerabilities in key components of its Unified Computing System (UCS) server platform. The vendor patched 18 vulnerabilities in the UCS Director and Integrated Management Controller (IMC) modules. Four bugs were rated as critical, and the rest were assessed as those with high level of danger.The vulnerability registered as CVE-2019-1938 allows remote attacker to bypass authorization procedures and perform unauthorized actions on the device with administrator‘s rights.
The drawback, which received 9.8 points on the CVSS scale, affects the UCS Director application versions 220.127.116.11 and 18.104.22.168, as well as the UCS Director Express for Big Data builds 22.214.171.124 and 126.96.36.199. The bug is associated with problems with authentication of incoming requests.
“An attacker could send to the target machine a malicious HTTP packet, which would allow him to interact with the system through a set of APIs”, – inform Cisco representatives.
Error CVE-2019-1937 in the web-based software of the IMC Supervisor, UCS Director and UCS Director Express for Big Data components allows a cybercriminal to intercept the session token and gain administrative access to the device. The attack is built through malicious commands in the request headers that an unauthorized attacker can send to the target system. Like the previous bug, the CVE-2019-1937 vulnerability was rated at 9.8 CVSS.
A similar exploitation method and a similar threat level established for a defect registered as CVE-2019-1974.
“Problems with processing request headers during user’s authentication give remote cybercriminals the ability to log in with root privileges”, – Cisco experts discovered.
The vulnerability is present in four generations of firmware of the UCS Director family of programs, as well as in the release of IMC Supervisor 2.1 and its builds from 2.2 to 188.8.131.52.
The last critical bug fixed by Cisco received the identifier CVE-2019-1935 The disadvantage is that IMC Supervisor, UCS Director and UCS Director Express for Big Data have default accounts with incorrect access permissions settings. The vulnerability allows an attacker to enter the command line interface with the rights of scpuser user and run, read and write operations on the system database on his behalf.
Many of the vulnerabilities patched this week have been found by Cisco itself during internal security testing and the resolution of support cases, but some have been credited to Pedro Ribeiro, a researcher who uses the online moniker “bashis,” and an expert who wanted to remain anonymous. External researchers have been credited for three of the four critical vulnerabilities.
Cisco says there is no evidence that any of the flaws affecting UCS and IMC have been exploited for malicious purposes.