CVE-2019-1938— Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-1938
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco UCS Director和Cisco UCS Director Express for Big Data 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco UCS Director和Cisco UCS Director Express for Big Data都是美国思科(Cisco)公司的产品。Cisco UCS Director是一套私有云基础架构即服务(IaaS)的异构平台。Cisco UCS Director Express for Big Data是一套针对大数据集群的基础架构统一管理平台。 Cisco UCS Director和Cisco UCS Director Express for Big Data中的Web管理界面存在授权问题
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System Director | unspecified ~ 6.7.3.0 | - |
II. Public POCs for CVE-2019-1938
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-1938
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypassvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-1938
Same Patch Batch · Cisco · 2019-08-21 · 27 CVEs total
| CVE-2019-1864 | Cisco Integrated Management Controller Command Injection Vulnerability | |
| CVE-2019-12623 | Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration | |
| CVE-2019-12622 | Cisco RoomOS Software Privilege Escalation Vulnerability | |
| CVE-2019-12621 | Cisco HyperFlex Static SSL Key Vulnerability | |
| CVE-2019-12634 | Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Direc | |
| CVE-2019-12627 | Cisco Firepower Threat Defense Software Information Disclosure Vulnerability | |
| CVE-2019-12626 | Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability | |
| CVE-2019-12624 | Cisco IOS XE NGWC Legacy Wireless Device Manager GUI Cross-Site Request Forgery Vulnerabil | |
| CVE-2019-1850 | Cisco Integrated Management Controller Command Injection Vulnerability | |
| CVE-2019-1839 | Cisco Remote PHY Device Software Command Injection Vulnerability | |
| CVE-2019-1634 | Cisco Integrated Management Controller Command Injection Vulnerability | |
| CVE-2019-1871 | Cisco Integrated Management Controller Buffer Overflow Vulnerability | |
| CVE-2019-1865 | Cisco Integrated Management Controller Command Injection Vulnerability | |
| CVE-2019-1948 | Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability | |
| CVE-2019-1863 | Cisco Integrated Management Controller Privilege Escalation Vulnerability | |
| CVE-2019-1900 | Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability | |
| CVE-2019-1896 | Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability | |
| CVE-2019-1885 | Cisco Integrated Management Controller Command Injection Vulnerability | |
| CVE-2019-1883 | Cisco Integrated Management Controller CLI Command Injection Vulnerability | |
| CVE-2019-1937 | Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Direc |
Showing top 20 of 27 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Cisco Unified Computing System Director
- CVE-2019-1974
Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Dire - CVE-2019-1935
Cisco Integrated Management Controller Supervisor, Cisco UCS - CVE-2019-1936
Cisco Integrated Management Controller Supervisor, Cisco UCS - CVE-2019-1937
Cisco Integrated Management Controller Supervisor, Cisco UCS - CVE-2019-12634
Cisco Integrated Management Controller Supervisor, Cisco UCS
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2019-1938
No comments yet