发布日期：2019-08-20
更新日期：2019-08-23

受影响系统：

Cisco UCS Director 6.7.0.0－6.7.1.0
Cisco UCS Director 6.7.0.0 – 6.7.2.0
Cisco UCS Director 6.6.0.0－6.6.1.0
Cisco UCS Director 6.5
Cisco UCS Director 6.0
Cisco IMC Supervisor 2.2.0.0－2.2.0.6
Cisco IMC Supervisor 2.1
Cisco UCS Director Express for Big Data 3.7.0.0 – 3.7.2.0
Cisco UCS Director Express for Big Data 3.6.0.0 - 3.6.1.0
Cisco UCS Director Express for Big Data 3.5.0.0 – 3.5.0.3
Cisco UCS Director Express for Big Data 3.0.0.0 – 3.0.1.3
Cisco UCS Director Express for Big Data 2.1.0.0 – 2.1.0.2

描述：

---

CVE(CAN) ID: CVE-2019-1974

Cisco Integrated Management Controller（IMC）是一套用于对UCS（统一计算系统）进行管理的软件。

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, Cisco UCS Director Express for Big Data中存在安全漏洞，可使未经身份验证的远程攻击者绕过用户身份验证，获取管理员访问权限。该漏洞源于在认证过程中没有对请求头信息进行有效的校验，导致未授权的攻击者可以绕过权限认证步骤从而获得管理员权限。

<*来源：Cisco
　
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-aut
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-20190821-imcs-ucs-authbypass）以及相应补丁:
cisco-sa-20190821-imcs-ucs-authbypass：Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass

浏览次数：1582
严重程度：0（网友投票）