Vulnerabilities > CVE-2019-1900 - NULL Pointer Dereference vulnerability in Cisco products

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-476

NVD

Published: 2019-08-21

Updated: 2019-10-09

Summary

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web server process to crash, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by submitting a crafted HTTP request to certain endpoints of the affected software. A successful exploit could allow an attacker to cause the web server to crash. Physical access to the device may be required for a restart.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Unified Computing System 4.0\(1C\)Hs3 Cisco Integrated Management Controller Supervisor *	2
Hardware	Cisco Cisco UCS C125 M5 - Cisco UCS C4200 - Cisco UCS S3260 -	3

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos