Platform
cisco
Component
cisco-ucs-director
Fixed version
6.7.3.0
CVE-2019-1938 is a critical authentication bypass vulnerability affecting Cisco UCS Director and Cisco UCS Director Express for Big Data. An unauthenticated, remote attacker can exploit this flaw to bypass authentication and execute arbitrary actions with administrator privileges. This vulnerability impacts versions of Cisco UCS Director up to and including 6.7.3.0, and a fix is available in version 6.7.3.0.
Successful exploitation of CVE-2019-1938 grants an attacker complete control over the affected Cisco UCS Director system. This includes the ability to modify system configurations, access sensitive data, and potentially compromise other systems connected to the UCS environment. The lack of authentication required for exploitation significantly broadens the attack surface, making it a high-priority risk. The ability to execute arbitrary actions with administrator privileges mirrors the impact of a full system compromise, allowing for data exfiltration, denial of service, and further malicious activity. This vulnerability shares characteristics with other authentication bypass flaws, where improper request handling allows attackers to circumvent security controls.
CVE-2019-1938 was publicly disclosed on August 21, 2019. Public proof-of-concept exploits are available, indicating a relatively low barrier to entry for attackers. While no confirmed active exploitation campaigns have been publicly reported, the ease of exploitation and the critical severity of the vulnerability make it a likely target. The vulnerability has been added to the CISA KEV catalog, further highlighting its importance.
Organizations heavily reliant on Cisco UCS Director for managing their data center infrastructure are at significant risk. Environments with exposed UCS Director management interfaces, particularly those lacking robust network segmentation, are especially vulnerable. Legacy UCS Director deployments running older, unpatched versions are also at heightened risk.
• cisco: Monitor UCS Director logs for failed authentication attempts followed by successful administrative actions.
Get-WinEvent -LogName Security -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4625] and EventData[Data[@Name='TargetUserName']='SYSTEM']]" | Where-Object {$_.TimeCreated -gt (Get-Date).AddDays(-7)} | Format-Table TimeCreated, Message
• generic web: Monitor access logs for unusual patterns of requests to authentication endpoints, particularly those lacking proper authentication headers.
grep -i 'authentication' /var/log/apache2/access.log | grep -v '401' | sort | uniq -c | sort -nr
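The correlation described in the two monitoring items above (an authentication failure followed by a successful administrative request from the same client) can be scripted over a web access log. The following is an added example, not code from this page or from Cisco. It assumes Apache "combined" log format, a hypothetical protected path prefix `/admin/`, a 10-minute window, and that the remote-user field is populated for authenticated requests; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
ADMIN_PREFIX = "/admin/"        # hypothetical; set to your protected paths
WINDOW = timedelta(minutes=10)  # assumed correlation window


def find_bypass_candidates(lines, admin_prefix=ADMIN_PREFIX, window=WINDOW):
    """Return (ip, time, path) for 2xx admin requests that carry no
    authenticated user and follow an auth failure from the same client."""
    last_failure = {}  # ip -> time of most recent 401/403
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, status = m["ip"], int(m["status"])
        if status in (401, 403):
            last_failure[ip] = ts
        elif (200 <= status < 300 and m["path"].startswith(admin_prefix)
              and m["user"] == "-" and ip in last_failure
              and ts - last_failure[ip] <= window):
            hits.append((ip, ts.isoformat(), m["path"]))
    return hits


# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE = """\
198.51.100.7 - - [21/Aug/2019:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/7.58"
198.51.100.7 - - [21/Aug/2019:10:00:09 +0000] "GET /admin/users HTTP/1.1" 200 4096 "-" "curl/7.58"
203.0.113.20 - alice [21/Aug/2019:10:01:00 +0000] "GET /admin/users HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.50 - - [21/Aug/2019:10:02:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.50 - - [21/Aug/2019:11:30:00 +0000] "GET /admin/users HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for hit in find_bypass_candidates(SAMPLE):
        print(hit)
```

Only the first client is flagged: the second request is authenticated, and the third client's admin request falls outside the window.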
Exploit status
EPSS
2.55% (85th percentile)
CVSS vector
The primary mitigation for CVE-2019-1938 is to upgrade Cisco UCS Director to version 6.7.3.0 or later. If immediate upgrading is not possible, consider implementing strict network segmentation to limit external access to the UCS Director management interface. Review and restrict API access to only authorized users and applications. Monitor network traffic for suspicious HTTP requests targeting the authentication endpoints. While a WAF may offer some protection, it is not a substitute for patching. After upgrading, verify the fix by attempting to access the management interface without authentication; successful access indicates the vulnerability persists.
Update Cisco UCS Director to version 6.7.3.0 or later. This update fixes the authentication bypass vulnerability and prevents the execution of arbitrary actions with administrator privileges.
CVE-2019-1938 is a critical vulnerability in Cisco UCS Director allowing unauthenticated attackers to gain administrator access. It involves improper handling of HTTP requests, enabling privilege escalation.
You are affected if you are running Cisco UCS Director versions 6.7.3.0 or earlier. Check your current version against the affected range to determine your risk level.
Upgrade Cisco UCS Director to version 6.7.3.0 or later to remediate the vulnerability. If immediate upgrade is not possible, implement network segmentation and restrict API access.
While no confirmed active campaigns are publicly known, the vulnerability's ease of exploitation and critical severity make it a likely target for attackers.
Refer to the official Cisco Security Advisory for details: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-director-auth-bypass-20190821