← Back to CVE List

CVE-2019-1937

Published: 2019-08-21T19:15Z
Last Modified: 2024-11-21T04:37Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt