-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.3212.3
          Multiple vulnerabilities in Cisco Integrated Management
                     Controller and Cisco UCS Director
                             2 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Integrated Management Controller
                   Cisco UCS Director
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise        -- Remote/Unauthenticated
                   Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
                   Unauthorised Access    -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12634 CVE-2019-1937 CVE-2019-1936
                   CVE-2019-1935 CVE-2019-1908 CVE-2019-1907
                   CVE-2019-1900 CVE-2019-1896 CVE-2019-1885
                   CVE-2019-1883 CVE-2019-1871 CVE-2019-1865
                   CVE-2019-1864 CVE-2019-1863 CVE-2019-1850
                   CVE-2019-1634  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo

Comment: This bulletin contains sixteen (16) Cisco Systems security 
         advisories.

Revision History:  September  2 2019: Publicly available exploits for 
                                      CVE-2019-1937, CVE-2019-1936 and 
                                      CVE-2019-1935
                   September  2 2019: Announcement of publicly available 
                                      exploits for CVE-2019-1937, 
                                      CVE-2019-1936 and CVE-2019-1935
                   August    22 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Integrated Management Controller Unauthenticated Denial of Service
Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-dos

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo36063

CVE-2019-1900    

CWE-476

CVSS Score:
7.5  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web server of Cisco Integrated Management Controller
    (IMC) could allow an unauthenticated, remote attacker to cause the web
    server process to crash, causing a denial of service (DoS) condition on an
    affected system.

    The vulnerability is due to insufficient validation of user-supplied input
    on the web interface. An attacker could exploit this vulnerability by
    submitting a crafted HTTP request to certain endpoints of the affected
    software. A successful exploit could allow an attacker to cause the web
    server to crash. Physical access to the device may be required for a
    restart.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-dos

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco UCS C-Series and S-Series Servers in
    standalone mode if they are running a vulnerable release of Cisco IMC
    Software.

    For information about fixed software releases, see the Fixed Software 
    section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       UCS E-Series Servers
       5000 Series Enterprise Network Compute System
       FI-Attached servers managed by UCS Manager, including B-Series,
        C-Series, and S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to the appropriate Cisco UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         Not vulnerable
    3.0                                         Not vulnerable
    4.0                                         4.0(2f)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-dos

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and
Cisco UCS Director Express for Big Data SCP User Default Credentials
Vulnerability

Priority:        Critical

Advisory ID:     cisco-sa-20190821-imcs-usercred

First Published: 2019 August 21 16:00 GMT

Last Updated:    2019 August 30 12:38 GMT

Version 1.1:     Final

Workarounds:     Yes

Cisco Bug IDs:   CSCvp19251

CVE-2019-1935    

CWE-798

CVSS Score:
9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor,
    Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow
    an unauthenticated, remote attacker to log in to the CLI of an affected
    system by using the SCP User account ( scpuser ), which has default user
    credentials.

    The vulnerability is due to the presence of a documented default account
    with an undocumented default password and incorrect permission settings for
    that account. Changing the default password for this account is not
    enforced during the installation of the product. An attacker could exploit
    this vulnerability by using the account to log in to an affected system. A
    successful exploit could allow the attacker to execute arbitrary commands
    with the privileges of the scpuser account. This includes full read and
    write access to the system's database.

    Cisco has released software updates that address this vulnerability. There
    are workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imcs-usercred

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products:

    Cisco IMC Supervisor releases:

       2.1
       2.2.0.0 through 2.2.0.6

    Cisco UCS Director releases:

       6.0
       6.5
       6.6.0.0 and 6.6.1.0
       6.7.0.0 and 6.7.1.0

    Cisco UCS Director Express for Big Data releases:

       3.0
       3.5
       3.6
       3.7.0.0 and 3.7.1.0

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o Setting a custom password for the scpuser account under Administration >
    Users and Groups > SCP User Configuration will prevent exploitation of this
    vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in the following software releases:

       Cisco Integrated Management Controller Supervisor releases 2.2.1.0 and
        later
       Cisco UCS Director releases 6.7.2.0 and later (recommended: 6.7.3.0)
       Cisco UCS Director Express for Big Data releases 3.7.2.0 and later
        (recommended: 3.7.3.0)

    Customers can download the Cisco IMC Supervisor software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > Integrated Management Controller
        (IMC) Supervisor > IMC Supervisor 2.x.
     3. Access releases by using the left pane of the IMC Supervisor 2.x page.

    Customers can download the Cisco UCS Director software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director 6.7.
     3. Access releases by using the left pane of the UCS Director 6.7 page.

    Customers can download the Cisco UCS Director Express for Big Data software
    from the Software Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director
        Express for Big Data 3.7.
     3. Access releases by using the left pane of the UCS Director Express for
        Big Data 3.7 page.

Exploitation and Public Announcements

  o Security researcher Pedro Ribeiro has published details on this
    vulnerability in his GitHub repository and has also released corresponding
    Metasploit modules.

Source

  o Cisco would like to thank independent security researcher Pedro Ribeiro for
    reporting this vulnerability to iDefense's Vulnerability Contributor
    Program.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imcs-usercred

Revision History

  o +---------+---------------------+---------------+--------+----------------+
    | Version |     Description     |    Section    | Status |      Date      |
    +---------+---------------------+---------------+--------+----------------+
    |         | Updated the public  |               |        |                |
    |         | announcement and    | Exploitation  |        |                |
    | 1.1     | availability of     | and Public    | Final  | 2019-August-30 |
    |         | public exploit      | Announcements |        |                |
    |         | code.               |               |        |                |
    +---------+---------------------+---------------+--------+----------------+
    | 1.0     | Initial public      | -             | Final  | 2019-August-21 |
    |         | release.            |               |        |                |
    +---------+---------------------+---------------+--------+----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and
Cisco UCS Director Express for Big Data Denial of Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-ucs-imc-dos

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvq89223

CVE-2019-12634   

CWE-264

CVSS Score:
8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS
    Director Express for Big Data could allow an unauthenticated, remote
    attacker to cause a denial of service (DoS) condition.

    The vulnerability is due to a missing authentication check in an API call.
    An attacker who can send a request to an affected system could cause all
    currently authenticated users to be logged off. Repeated exploitation could
    cause the inability to maintain a session in the web-based management
    portal.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-ucs-imc-dos

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products:

    Cisco IMC Supervisor releases:

       2.2.0.3 through 2.2.0.6

    Cisco UCS Director releases:

       6.6.0.0 and 6.6.1.0
       6.7.0.0 through 6.7.2.0

    Cisco UCS Director Express for Big Data releases:

       3.6.0.0 and 3.6.1.0
       3.7.0.0 through 3.7.2.0

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in the following software releases:

       Cisco IMC Supervisor releases 2.2.1.0 and later
       Cisco UCS Director releases 6.7.3.0 and later
       Cisco UCS Director Express for Big Data releases 3.7.3.0 and later

    At the time of publication, fixes for UCS Director 6.6 were expected to be
    available by late August 2019.

    Customers can download the Cisco IMC Supervisor software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > Integrated Management Controller
        (IMC) Supervisor > IMC Supervisor 2.x.
     3. Access releases by using the left pane of the IMC Supervisor 2.x page.

    Customers can download the Cisco UCS Director software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director 6.7.
     3. Access releases by using the left pane of the UCS Director 6.7 page.

    Customers can download the Cisco UCS Director Express for Big Data software
    from the Software Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director
        Express for Big Data 3.7.
     3. Access releases by using the left pane of the UCS Director Express for
        Big Data 3.7 page.
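    The fixed-release tables in this bulletin are easy to misread by hand: the
    IMC table for CVE-2019-1900 uses the 4.0(2f) release format, the UCS Director
    and IMC Supervisor lists for CVE-2019-1935/CVE-2019-1936 mix whole trains
    ("6.0", "6.5") with inclusive ranges ("6.7.0.0 and 6.7.1.0"), and UCS Director
    6.7.2.0 fixes CVE-2019-1935/1936 but is still listed as affected for
    CVE-2019-12634, which is why 6.7.3.0 is the recommended release. The
    following script is an added example, not Cisco or AusCERT code: the version
    lists are transcribed from the advisories above, while the product labels,
    function names and the sample inventory are this example's own. Trains the
    IMC table marks "Not vulnerable" (1.4 to 3.0) simply fall through to
    "not listed".

```python
"""Exposure check against the fixed-release lists in this bulletin (added example)."""
import re
from typing import Callable, Dict, List, Tuple, Union

# Cisco IMC releases look like "4.0(2f)": train 4.0, maintenance 2, patch letter f.
# A bare train such as "4.0" is also accepted so it can act as a prefix.
_IMC_RE = re.compile(r"^(\d+)\.(\d+)(?:\((\d+)([a-z]?)\))?$")


def parse_imc(version: str) -> Tuple:
    """4.0(2f) -> (4, 0, 2, 'f'); 4.0 -> (4, 0). Tuples compare in release order."""
    m = _IMC_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised IMC release: {version!r}")
    major, minor, maint, letter = m.groups()
    if maint is None:
        return (int(major), int(minor))
    # an empty letter sorts before "a", so 4.0(2) < 4.0(2a) < 4.0(2f)
    return (int(major), int(minor), int(maint), letter or "")


def parse_dotted(version: str) -> Tuple:
    """6.7.1.0 -> (6, 7, 1, 0); 6.5 -> (6, 5), used as a whole-train prefix."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised dotted release: {version!r}")
    return tuple(int(p) for p in parts)


Affected = List[Union[str, Tuple[str, str]]]  # train prefix, or inclusive (low, high)

# Affected / first-fixed lists as printed in the advisories above.
USERCRED_AND_CMDINJ = {  # CVE-2019-1935 and CVE-2019-1936 share one list
    "IMC Supervisor": {"affected": ["2.1", ("2.2.0.0", "2.2.0.6")], "fixed": "2.2.1.0"},
    "UCS Director": {"affected": ["6.0", "6.5", ("6.6.0.0", "6.6.1.0"),
                                  ("6.7.0.0", "6.7.1.0")], "fixed": "6.7.2.0"},
    "UCS Director Express for Big Data": {"affected": ["3.0", "3.5", "3.6",
                                                       ("3.7.0.0", "3.7.1.0")],
                                          "fixed": "3.7.2.0"},
}
ADVISORIES: Dict[str, Dict[str, dict]] = {
    "CVE-2019-1900": {"IMC": {"affected": ["4.0"], "fixed": "4.0(2f)"}},
    "CVE-2019-1935": USERCRED_AND_CMDINJ,
    "CVE-2019-1936": USERCRED_AND_CMDINJ,
    "CVE-2019-12634": {
        "IMC Supervisor": {"affected": [("2.2.0.3", "2.2.0.6")], "fixed": "2.2.1.0"},
        "UCS Director": {"affected": [("6.6.0.0", "6.6.1.0"), ("6.7.0.0", "6.7.2.0")],
                         "fixed": "6.7.3.0"},
        "UCS Director Express for Big Data": {"affected": [("3.6.0.0", "3.6.1.0"),
                                                           ("3.7.0.0", "3.7.2.0")],
                                              "fixed": "3.7.3.0"},
    },
}
PARSERS: Dict[str, Callable[[str], Tuple]] = {"IMC": parse_imc}  # others are dotted


def _matches(v: Tuple, affected: Affected, parse: Callable[[str], Tuple]) -> bool:
    for entry in affected:
        if isinstance(entry, str):                 # whole train, e.g. "6.5"
            prefix = parse(entry)
            if v[:len(prefix)] == prefix:
                return True
        else:                                      # inclusive range
            low, high = parse(entry[0]), parse(entry[1])
            if low <= v <= high:
                return True
    return False


def verdict(product: str, version: str, cve: str) -> str:
    """'fixed', 'vulnerable' or 'not listed' for one host against one advisory."""
    entry = ADVISORIES[cve].get(product)
    if entry is None:
        return "not listed"
    parse = PARSERS.get(product, parse_dotted)
    v = parse(version)
    if v >= parse(entry["fixed"]):   # checked first: a train prefix such as "4.0"
        return "fixed"               # would otherwise also match fixed builds
    if _matches(v, entry["affected"], parse):
        return "vulnerable"
    return "not listed"


def check_host(product: str, version: str) -> Dict[str, str]:
    """Verdict for every advisory in the bulletin that names this product."""
    return {cve: verdict(product, version, cve)
            for cve, products in ADVISORIES.items() if product in products}


if __name__ == "__main__":
    # Constructed inventory for illustration, not real hosts.
    inventory = [("IMC", "4.0(2c)"), ("IMC", "4.0(2f)"), ("IMC", "3.0(4d)"),
                 ("UCS Director", "6.7.2.0"), ("UCS Director", "6.6.1.0"),
                 ("IMC Supervisor", "2.2.0.2")]
    for product, version in inventory:
        print(f"{product:<15} {version:<9}", check_host(product, version))
```

    Fixed releases are tested before the affected list on purpose: the IMC
    advisory expresses its scope as a whole train (4.0) plus a first fixed build
    (4.0(2f)), so a prefix match alone would flag patched systems. Running the
    constructed inventory shows the point made above: UCS Director 6.7.2.0 comes
    back "fixed" for CVE-2019-1935 and CVE-2019-1936 but "vulnerable" for
    CVE-2019-12634.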

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support
    case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-ucs-imc-dos

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and
Cisco UCS Director Express for Big Data Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imcs-ucs-cmdinj

First Published: 2019 August 21 16:00 GMT

Last Updated:    2019 August 30 12:33 GMT

Version 1.1:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvp19245

CVE-2019-1936    

CWE-20

CVSS Score:
7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS
    Director Express for Big Data could allow an authenticated, remote attacker
    to execute arbitrary commands on the underlying Linux shell as the root 
    user. Exploitation of this vulnerability requires privileged access to an
    affected device.

    The vulnerability is due to insufficient validation of user-supplied input
    by the web-based management interface. An attacker could exploit this
    vulnerability by logging in to the web-based management interface with
    administrator privileges and then sending a malicious request to a certain
    part of the interface.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imcs-ucs-cmdinj

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products:

    Cisco IMC Supervisor releases:

       2.1
       2.2.0.0 through 2.2.0.6

    Cisco UCS Director releases:

       6.0
       6.5
       6.6.0.0 and 6.6.1.0
       6.7.0.0 and 6.7.1.0

    Cisco UCS Director Express for Big Data releases:

       3.0
       3.5
       3.6
       3.7.0.0 and 3.7.1.0

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in the following software releases:

       Cisco IMC Supervisor releases 2.2.1.0 and later
       Cisco UCS Director releases 6.7.2.0 and later (recommended: 6.7.3.0)
       Cisco UCS Director Express for Big Data releases 3.7.2.0 and later
        (recommended: 3.7.3.0)

    Customers can download the Cisco IMC Supervisor software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > Integrated Management Controller
        (IMC) Supervisor > IMC Supervisor 2.x.
     3. Access releases by using the left pane of the IMC Supervisor 2.x page.

    Customers can download the Cisco UCS Director software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director 6.7.
     3. Access releases by using the left pane of the UCS Director 6.7 page.

    Customers can download the Cisco UCS Director Express for Big Data software
    from the Software Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director
        Express for Big Data 3.7.
     3. Access releases by using the left pane of the UCS Director Express for
        Big Data 3.7 page.

Exploitation and Public Announcements

  o Security researcher Pedro Ribeiro has published details on this
    vulnerability in his GitHub repository and has also released corresponding
    Metasploit modules.

Source

  o Cisco would like to thank independent security researcher Pedro Ribeiro for
    reporting this vulnerability to iDefense's Vulnerability Contributor
    Program.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Action Links for This Advisory

  o Snort Rule 50903

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imcs-ucs-cmdinj

Revision History

  o +---------+---------------------+---------------+--------+----------------+
    | Version |     Description     |    Section    | Status |      Date      |
    +---------+---------------------+---------------+--------+----------------+
    |         | Updated the public  |               |        |                |
    |         | announcement and    | Exploitation  |        |                |
    | 1.1     | availability of     | and Public    | Final  | 2019-August-30 |
    |         | public exploit      | Announcements |        |                |
    |         | code.               |               |        |                |
    +---------+---------------------+---------------+--------+----------------+
    | 1.0     | Initial public      | -             | Final  | 2019-August-21 |
    |         | release.            |               |        |                |
    +---------+---------------------+---------------+--------+----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and
Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability

Priority:        Critical

Advisory ID:     cisco-sa-20190821-imcs-ucs-authby

First Published: 2019 August 21 16:00 GMT

Last Updated:    2019 August 30 12:30 GMT

Version 1.1:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvp19229

CVE-2019-1937

CWE-287

CVSS Score:
9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS
    Director Express for Big Data could allow an unauthenticated, remote
    attacker to acquire a valid session token with administrator privileges,
    bypassing user authentication.

    The vulnerability is due to insufficient request header validation during
    the authentication process. An attacker could exploit this vulnerability by
    sending a series of malicious requests to an affected device. An exploit
    could allow the attacker to use the acquired session token to gain full
    administrator access to the affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imcs-ucs-authby

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products:

    Cisco IMC Supervisor releases:

       2.2.0.3 through 2.2.0.6

    Cisco UCS Director releases:

       6.6.0.0 and 6.6.1.0
       6.7.0.0 and 6.7.1.0

    Cisco UCS Director Express for Big Data releases:

       3.6
       3.7.0.0 and 3.7.1.0

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in the following software releases:

       Cisco IMC Supervisor releases 2.2.1.0 and later
       Cisco UCS Director releases 6.7.2.0 and later (recommended: 6.7.3.0)
       Cisco UCS Director Express for Big Data releases 3.7.2.0 and later
        (recommended: 3.7.3.0)

    Customers can download the Cisco IMC Supervisor software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > Integrated Management Controller
        (IMC) Supervisor > IMC Supervisor 2.x.
     3. Access releases by using the left pane of the IMC Supervisor 2.x page.

    Customers can download the Cisco UCS Director software from the Software
    Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director 6.7.
     3. Access releases by using the left pane of the UCS Director 6.7 page.

    Customers can download the Cisco UCS Director Express for Big Data software
    from the Software Center on Cisco.com by doing the following:

     1. Click Browse all.
     2. Choose Servers - Unified Computing > UCS Director > UCS Director
        Express for Big Data 3.7.
     3. Access releases by using the left pane of the UCS Director Express for
        Big Data 3.7 page.

Exploitation and Public Announcements

  o Security researcher Pedro Ribeiro has published details on this
    vulnerability in his GitHub repository and has also released corresponding
    Metasploit modules.

Source

  o Cisco would like to thank independent security researcher Pedro Ribeiro for
    reporting this vulnerability to iDefense's Vulnerability Contributor
    Program.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imcs-ucs-authby

Revision History

  o +---------+---------------------+---------------+--------+----------------+
    | Version |     Description     |    Section    | Status |      Date      |
    +---------+---------------------+---------------+--------+----------------+
    |         | Updated the public  |               |        |                |
    |         | announcement and    | Exploitation  |        |                |
    | 1.1     | availability of     | and Public    | Final  | 2019-August-30 |
    |         | public exploit      | Announcements |        |                |
    |         | code.               |               |        |                |
    +---------+---------------------+---------------+--------+----------------+
    | 1.0     | Initial public      | -             | Final  | 2019-August-21 |
    |         | release.            |               |        |                |
    +---------+---------------------+---------------+--------+----------------+

- -------------------------------------------------------------------------------

Cisco Integrated Management Controller Substring Comparison Privilege
Escalation Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-privescal

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo36080

CVE-2019-1907

CWE-285

CVSS Score:
8.8  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web server of Cisco Integrated Management Controller
    (IMC) could allow an authenticated, remote attacker to set sensitive
    configuration values and gain elevated privileges.

    The vulnerability is due to improper handling of substring comparison
    operations that are performed by the affected software. An attacker could
    exploit this vulnerability by sending a crafted HTTP request to the
    affected software. A successful exploit could allow the attacker with
    read-only privileges to gain administrator privileges.
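
The class of defect the summary names, shown as a hypothetical illustration added here (not Cisco IMC code, and no claim about how CVE-2019-1907 is actually implemented): an authorization check that asks whether an allowed path occurs *somewhere inside* the request target, beside one that normalizes the path and requires an exact match. Endpoint names and request targets are constructed.

```python
"""Substring comparison inside an authorization decision, beside an
exact-match version.

Hypothetical illustration of the bug class (CWE-285 reached through a
substring comparison). Not Cisco IMC code; endpoint names are made up.
"""
import posixpath
from urllib.parse import urlsplit

# Constructed sample endpoint table.
READ_ONLY_ENDPOINTS = {"/api/status", "/api/inventory", "/api/logs"}
ADMIN_ENDPOINTS = {"/api/config/users", "/api/config/network"}


def vulnerable_is_permitted(role: str, request_target: str) -> bool:
    """Allow a request if *some* read-only path occurs anywhere in the
    request target. The check asks "does the target contain an allowed
    path?" instead of "is the target an allowed path?"."""
    if role == "admin":
        return True
    return any(ep in request_target for ep in READ_ONLY_ENDPOINTS)


def hardened_is_permitted(role: str, request_target: str) -> bool:
    """Reduce the target to its normalized path component, then require
    exact membership in the set the role is entitled to."""
    path = posixpath.normpath(urlsplit(request_target).path)
    if role == "admin":
        allowed = ADMIN_ENDPOINTS | READ_ONLY_ENDPOINTS
    else:
        allowed = READ_ONLY_ENDPOINTS
    return path in allowed


# Two constructed targets that contain an allowed string without being an
# allowed endpoint: one carries it in the query, one behind a ".." segment.
CRAFTED_QUERY = "/api/config/users?next=/api/status"
CRAFTED_TRAVERSAL = "/api/status/../config/users"


def compare(role: str = "read-only") -> dict:
    """Return {target: (vulnerable verdict, hardened verdict)} for a role."""
    targets = ["/api/status", CRAFTED_QUERY, CRAFTED_TRAVERSAL]
    return {
        t: (vulnerable_is_permitted(role, t), hardened_is_permitted(role, t))
        for t in targets
    }


if __name__ == "__main__":
    for target, (vuln, hard) in compare().items():
        print(f"{target:40} substring-check={vuln!s:5} exact-match={hard}")
```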

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-privescal

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco UCS C-Series and S-Series Servers in
    standalone mode if they are running a vulnerable release of Cisco IMC
    Software.

    For information about fixed software releases, consult the Fixed Software
    section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       UCS E-Series Servers
       5000 Series Enterprise Network Compute System
       FI-Attached servers managed by UCS Manager, including B-Series,
        C-Series, and S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to the appropriate Cisco UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         Not vulnerable
    3.0                                         Not vulnerable
    4.0                                         4.0(2f), 4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-privescal

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- -----------------------------------------------------------------------------

Cisco Integrated Management Controller Privilege Escalation Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-privilege

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvn21011

CVE-2019-1863

CWE-285

CVSS Score:
6.5  AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) Software could allow an authenticated, remote
    attacker to make unauthorized changes to the system configuration.

    The vulnerability is due to insufficient authorization enforcement. An
    attacker could exploit this vulnerability by sending a crafted HTTP request
    to the affected software. A successful exploit could allow a user with
    read-only privileges to change critical system configurations using
    administrator privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-privilege

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco IMC Software:

       UCS C-Series and S-Series Servers in standalone mode
       UCS E-Series Servers
       5000 Series Enterprise Network Compute System (ENCS) Platforms

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers that are managed by UCS Manager:

       UCS B-Series Servers
       UCS C-Series Servers
       UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco UCS C-Series and S-Series Servers

    Customers are advised to upgrade to the appropriate Cisco UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release             First Fixed Release
    1.4                                    Not vulnerable
    1.5                                    1.5(9g)
    2.0                                    2.0(13o)
    3.0                                    3.0(4k)
    4.0                                    4.0(1d), 4.0(2c), 4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco UCS E-Series Servers

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco 5000 Series Enterprise Network Compute System Platforms

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series ENCS Platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-privilege

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Information Disclosure Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-infodisc

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo36096

CVE-2019-1908

CWE-200

CVSS Score:
7.5  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Intelligent Platform Management Interface (IPMI)
    implementation of Cisco Integrated Management Controller (IMC) could allow
    an unauthenticated, remote attacker to view sensitive system information.

    The vulnerability is due to insufficient security restrictions imposed by
    the affected software. A successful exploit could allow the attacker to
    view sensitive information that belongs to other users. The attacker could
    then use this information to conduct additional attacks.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-infodisc

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco UCS C-Series and S-Series Servers in
    standalone mode if they are running a vulnerable release of Cisco IMC
    Software.

    For information about fixed software releases, consult the Fixed Software
    section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       UCS E-Series Servers
       5000 Series Enterprise Network Compute System
       FI-Attached servers managed by UCS Manager, including UCS B-Series,
        C-Series, and S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to the appropriate Cisco UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         2.0(13o)
    3.0                                         3.0(4k)
    4.0                                         4.0(2f), 4.0(4b)
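
The "First Fixed Release" tables in this bulletin (CVE-2019-1907, CVE-2019-1863 and CVE-2019-1908 above) are read per maintenance train, so an exposure check has to parse Cisco's release notation rather than compare strings. The following is an added example, not Cisco's code: it parses releases such as 4.0(2f) or 3.2(8), carries the three tables as transcribed from the advisories, and triages a constructed host inventory. Treating a maintenance train newer than every listed fix as fixed is an assumption noted in the code; unlisted trains come back as "unknown".

```python
"""Exposure check against Cisco IMC "First Fixed Release" tables.

Added example, not Cisco's code. Parses Cisco IMC release strings such as
"4.0(2f)" or "3.2(8)" and decides, per maintenance train, whether a running
release is below the first fixed release an advisory lists. The tables are
transcribed from this bulletin; the host inventory is constructed sample data.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Cisco IMC notation: <major>.<minor>(<maintenance><patch-letter>), where
# the patch letter is optional, e.g. "3.2(8)".
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)$")


class ImcRelease(NamedTuple):
    major: int
    minor: int
    maint: int
    patch: str  # "" when absent; sorts below "a" in tuple ordering

    @property
    def train(self) -> str:
        return f"{self.major}.{self.minor}"


def parse_release(text: str) -> ImcRelease:
    """Parse "4.0(2f)" into ImcRelease(4, 0, 2, "f"); raise on bad input."""
    m = _RELEASE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Cisco IMC release string: {text!r}")
    major, minor, maint, patch = m.groups()
    return ImcRelease(int(major), int(minor), int(maint), patch)


# First Fixed Release tables as printed in the advisories. None marks a
# train the advisory lists as "Not vulnerable".
FixedTable = Dict[str, Optional[List[str]]]

FIRST_FIXED_1907: FixedTable = {  # cisco-sa-20190821-imc-privescal
    "1.4": None, "1.5": None, "2.0": None, "3.0": None,
    "4.0": ["4.0(2f)", "4.0(4b)"],
}
FIRST_FIXED_1863: FixedTable = {  # cisco-sa-20190821-imc-privilege
    "1.4": None, "1.5": ["1.5(9g)"], "2.0": ["2.0(13o)"], "3.0": ["3.0(4k)"],
    "4.0": ["4.0(1d)", "4.0(2c)", "4.0(4b)"],
}
FIRST_FIXED_1908: FixedTable = {  # cisco-sa-20190821-imc-infodisc
    "1.4": None, "1.5": None, "2.0": ["2.0(13o)"], "3.0": ["3.0(4k)"],
    "4.0": ["4.0(2f)", "4.0(4b)"],
}


def assess(running: str, table: FixedTable) -> str:
    """Return "not_vulnerable", "fixed", "vulnerable" or "unknown".

    "First fixed" is read per maintenance train: under FIRST_FIXED_1863,
    4.0(2a) is still vulnerable although 4.0(1d) is fixed, because its own
    train's first fixed release is 4.0(2c).
    """
    v = parse_release(running)
    if v.train not in table:
        return "unknown"            # major.minor not covered by this table
    fixed = table[v.train]
    if fixed is None:
        return "not_vulnerable"     # advisory marks the whole train clean
    fixed_releases = [parse_release(f) for f in fixed]
    same_train = [f for f in fixed_releases if f.maint == v.maint]
    if same_train:
        # Tuple ordering: (major, minor, maint, patch); "" sorts below "a".
        return "fixed" if v >= same_train[0] else "vulnerable"
    if v.maint > max(f.maint for f in fixed_releases):
        # Assumption: a maintenance train newer than every listed first
        # fixed release already carries the fix.
        return "fixed"
    return "unknown"                # an unlisted train; verify with Cisco


def triage(inventory: Dict[str, str], table: FixedTable) -> Dict[str, str]:
    """Map host -> verdict for a {host: running release} inventory."""
    return {host: assess(rel, table) for host, rel in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = {
        "ucs-c220-lab01": "4.0(2a)",   # vulnerable: below 4.0(2c)
        "ucs-c240-lab02": "4.0(4b)",   # fixed: equals first fixed release
        "ucs-c220-lab03": "2.0(13n)",  # vulnerable: below 2.0(13o)
        "ucs-c220-lab04": "1.4(8)",    # not vulnerable per the table
        "ucs-c220-lab05": "4.0(3a)",   # unknown: train not listed
    }
    for host, verdict in triage(sample, FIRST_FIXED_1863).items():
        print(f"{host:16} {sample[host]:10} {verdict}")
```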

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-infodisc

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-cmdinj-1850

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvn20998, CSCvq09455

CVE-2019-1850

CWE-78

CVSS Score:
7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) Software could allow an authenticated, remote
    attacker to inject arbitrary commands that are executed with root
    privileges on an affected device. An attacker would need to have valid
    administrator credentials on the device.

    The vulnerability is due to insufficient validation of user-supplied input
    by the affected software. An attacker with elevated privileges could
    exploit this vulnerability by sending crafted commands to the
    administrative web management interface of the affected software. A
    successful exploit could allow the attacker to inject and execute
    arbitrary, system-level commands with root privileges on an affected
    device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinj-1850

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products:

       UCS C-Series and S-Series Servers in standalone mode that are running
        Cisco IMC Software earlier than the first fixed releases of 3.0 and
        4.0.
       UCS E-Series Servers that are running Cisco IMC Software earlier than
        the first fixed release of 3.2(8).
       5000 Series Enterprise Network Compute System (ENCS) Platforms that are
        running Cisco IMC Software earlier than the first fixed release of 3.2
        (8).

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers that are managed by UCS Manager:

       UCS B-Series Servers
       UCS C-Series Servers
       UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to the appropriate UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         Not vulnerable
    3.0                                         3.0(4k)
    4.0                                         4.0(2f),4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series Enterprise Network Compute System (ENCS) Platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinj-1850

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-cmdinj-1864

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvn21003

CVE-2019-1864    

CWE-78

CVSS Score:
8.8  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) Software could allow an authenticated, remote
    attacker to inject arbitrary commands that are executed with root 
    privileges on an affected device.

    The vulnerability is due to insufficient validation of command input by the
    affected software. An attacker with only read-only privileges could exploit
    this vulnerability by sending malicious commands to the web-based
    management interface of the affected software. A successful exploit could
    allow the attacker to inject and execute arbitrary, system-level commands
    with root privileges on an affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinj-1864

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco IMC Software:

       UCS C-Series and S-Series Servers in standalone mode
       UCS E-Series Servers
       5000 Series Enterprise Network Compute System (ENCS) Platforms

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers managed by UCS Manager:

       Cisco UCS B-Series Servers
       Cisco UCS C-Series Servers
       Cisco UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco UCS C-Series and S-Series Servers
   
    Customers are advised to upgrade to the appropriate UCS C-Series and
    S-Series Software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         1.5(9g)
    2.0                                         2.0(13o)
    3.0                                         3.0(4k)
    4.0                                         4.0(2f),4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco UCS E-Series Servers

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco 5000 Series Enterprise Network Compute System Platforms

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series Enterprise Network Compute System (ENCS) Platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinj-1864

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-cmdinj-1865

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvn20993

CVE-2019-1865    

CWE-78

CVSS Score:
8.8  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) Software could allow an authenticated, remote
    attacker to inject arbitrary commands that are executed with root 
    privileges on an affected device.

    The vulnerability is due to insufficient validation of user-supplied input
    by the affected software. An attacker could exploit this vulnerability by
    invoking an interface monitoring mechanism with a crafted argument on the
    affected software. A successful exploit could allow the attacker to inject
    and execute arbitrary, system-level commands with root privileges on an
    affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinj-1865

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco IMC Software:

       UCS C-Series and S-Series Servers in standalone mode
       UCS E-Series Servers
       5000 Series Enterprise Network Compute System (ENCS) Platforms

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers managed by UCS Manager:

       Cisco UCS B-Series Servers
       Cisco UCS C-Series Servers
       Cisco UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco UCS C-Series and S-Series Servers
   
    Customers are advised to upgrade to the appropriate UCS C-Series and
    S-Series Software release as indicated in the following table:

    Cisco IMC Software Release              First Fixed Release
    1.4                                     Not vulnerable
    1.5                                     1.5(9g)
    2.0                                     2.0(13o)
    3.0                                     3.0(4k)
    4.0                                     4.0(1d),4.0(2c),4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco UCS E-Series Servers

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco 5000 Series Enterprise Network Compute System Platforms

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series Enterprise Network Compute System (ENCS) Platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinj-1865

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-cmdinject-1634

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo35971

CVE-2019-1634    

CWE-78

CVSS Score:
7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Intelligent Platform Management Interface (IPMI) of
    Cisco Integrated Management Controller (IMC) could allow an authenticated,
    remote attacker to inject arbitrary commands that are executed with root 
    privileges on the underlying operating system (OS).

    The vulnerability is due to insufficient input validation of user-supplied
    commands. An attacker who has administrator privileges and access to the
    network where the IPMI resides could exploit this vulnerability by
    submitting crafted input to the affected commands. A successful exploit
    could allow the attacker to gain root privileges on the affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinject-1634

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco IMC Software:

       UCS C-Series and S-Series Servers in standalone mode
       UCS E-Series Servers
       5000 Series Enterprise Network Compute System (ENCS) Platforms

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers that are managed by UCS Manager:

       UCS B-Series Servers
       UCS C-Series Servers
       UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco UCS C-Series and S-Series Servers

    Customers are advised to upgrade to the appropriate Cisco UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         1.5(9g)
    2.0                                         2.0(13o)
    3.0                                         3.0(4k)
    4.0                                         4.0(2f),4.0(4b)
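
    The table above, and the equivalent C-Series/S-Series tables in the 1850,
    1864 and 1865 advisories earlier in this bulletin, are what an operator
    actually has to compare a running release against. The following is an
    added example, not Cisco or AusCERT code: it parses the Cisco IMC release
    notation, carries the four tables transcribed from this page as data, and
    classifies a running release against each of them. How the table is read
    is this example's own assumption rather than Cisco's stated rule: the
    maintenance branch (the number inside the parentheses) is compared only
    against a listed first-fixed release in the same branch, a branch lower
    than every listed branch is treated as vulnerable, and any other branch
    absent from the table is reported as unlisted rather than assumed fixed.
    E-Series and ENCS platforms have a single fixed release, 3.2(8), and are
    not covered by these tables.

```python
"""Classify a Cisco IMC release string against the first-fixed tables of the
command-injection advisories in this bulletin.

Added example, not Cisco or AusCERT code.  The tables are transcribed from
the advisory text; the comparison rules are this example's own reading of
Cisco's release notation (see status()).
"""
import re
from typing import Dict, List, Optional, Tuple

# A Cisco IMC release looks like "4.0(2f)": train "4.0", maintenance branch 2,
# rebuild letter "f".  The rebuild letter may be absent, e.g. "3.2(8)".
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([A-Za-z]*)\)$")

Release = Tuple[str, int, str]  # (train, branch, rebuild letter, lowercased)


def parse_release(text: str) -> Release:
    m = _RELEASE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Cisco IMC release string: {text!r}")
    major, minor, branch, letter = m.groups()
    return (f"{major}.{minor}", int(branch), letter.lower())


# First-fixed tables for UCS C-Series/S-Series standalone servers, as printed
# in each advisory on this page.  None means the train is "Not vulnerable".
FIRST_FIXED: Dict[str, Dict[str, Optional[List[str]]]] = {
    "cisco-sa-20190821-imc-cmdinj-1850": {
        "1.4": None, "1.5": None, "2.0": None,
        "3.0": ["3.0(4k)"], "4.0": ["4.0(2f)", "4.0(4b)"],
    },
    "cisco-sa-20190821-imc-cmdinj-1864": {
        "1.4": None, "1.5": ["1.5(9g)"], "2.0": ["2.0(13o)"],
        "3.0": ["3.0(4k)"], "4.0": ["4.0(2f)", "4.0(4b)"],
    },
    "cisco-sa-20190821-imc-cmdinj-1865": {
        "1.4": None, "1.5": ["1.5(9g)"], "2.0": ["2.0(13o)"],
        "3.0": ["3.0(4k)"], "4.0": ["4.0(1d)", "4.0(2c)", "4.0(4b)"],
    },
    "cisco-sa-20190821-imc-cmdinject-1634": {
        "1.4": None, "1.5": ["1.5(9g)"], "2.0": ["2.0(13o)"],
        "3.0": ["3.0(4k)"], "4.0": ["4.0(2f)", "4.0(4b)"],
    },
}


def _letter_key(letter: str) -> Tuple[int, str]:
    # "" < "a" < ... < "z" < "aa": shorter strings first, then lexical order.
    return (len(letter), letter)


def status(running: str, table: Dict[str, Optional[List[str]]]) -> str:
    """Return NOT_VULNERABLE, FIXED, VULNERABLE or UNLISTED for one table.

    Assumed reading of the table (this example's, not Cisco's wording):
    an entry such as "4.0(2f),4.0(4b)" gives one first-fixed release per
    maintenance branch, so 4.0(4a) is still affected although it shipped
    after 4.0(2f); branches are therefore not ordered by date.  A running
    release is compared only against the entry for its own branch.  A branch
    below every listed branch must move to a fixed branch (VULNERABLE); any
    other branch not in the table is UNLISTED and needs the release notes.
    """
    train, branch, letter = parse_release(running)
    if train not in table:
        return "UNLISTED"
    fixed = table[train]
    if fixed is None:
        return "NOT_VULNERABLE"
    by_branch: Dict[int, str] = {}
    for entry in fixed:
        f_train, f_branch, f_letter = parse_release(entry)
        if f_train != train:
            raise ValueError(f"table entry {entry} is not in train {train}")
        by_branch[f_branch] = f_letter
    if branch in by_branch:
        ok = _letter_key(letter) >= _letter_key(by_branch[branch])
        return "FIXED" if ok else "VULNERABLE"
    if branch < min(by_branch):
        return "VULNERABLE"
    return "UNLISTED"


def check_all(running: str) -> Dict[str, str]:
    """Status of one running release against every table above."""
    return {adv: status(running, tbl) for adv, tbl in FIRST_FIXED.items()}


if __name__ == "__main__":
    for rel in ("4.0(4a)", "4.0(4b)", "4.0(1d)", "2.0(13o)", "3.0(3e)"):
        print(rel, check_all(rel))
```

    Run it with the firmware version string as the IMC displays it. The four
    status values are deliberately distinct so that UNLISTED, which means the
    table says nothing about that branch, is never mistaken for FIXED.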

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco UCS E-Series Servers

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco 5000 Series Enterprise Network Compute System Platforms

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series ENCS platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinject-1634

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-ucs-cimc

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo01180

CVE-2019-1885    

CWE-78

CVSS Score:
7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Redfish protocol of Cisco Integrated Management
    Controller (IMC) could allow an authenticated, remote attacker to inject
    and execute arbitrary commands with root privileges on an affected device.

    The vulnerability is due to insufficient validation of user-supplied input
    by the affected software. An attacker could exploit this vulnerability by
    sending crafted authenticated commands to the web-based management
    interface of the affected software. A successful exploit could allow the
    attacker to inject and execute arbitrary commands on an affected device
    with root privileges.
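
    All five command-injection advisories in this bulletin (web-based
    management interface, IPMI and Redfish) cite CWE-78 and the same root
    cause: user-supplied input reaches a system-level command without
    sufficient validation. The following is an added illustration of that
    weakness class in general. It is hypothetical code, not Cisco's, and says
    nothing about how IMC implements any of these interfaces: a handler that
    interpolates a caller-supplied interface name into a shell string, beside
    a hardened version that allow-lists the name and passes it as an argv
    element with no shell in between. echo stands in for whatever monitoring
    tool a real handler would run; the INJECTED marker and the eth0 payload
    are constructed inputs.

```python
"""CWE-78 in miniature: a hypothetical 'interface monitor' handler that builds
a shell command from a caller-supplied interface name, beside a hardened one.

Added example; not Cisco IMC code.  'echo' stands in for the monitoring tool.
"""
import re
import subprocess

INJECTION_MARKER = "INJECTED"  # constructed marker used by the demo payload


def monitor_vulnerable(ifname: str) -> str:
    """Builds a command line by string interpolation and hands it to sh.

    Every shell metacharacter in ifname (';', '|', '$(', backticks, '&&') is
    interpreted by the shell, so the caller decides what runs.  When the
    handler runs as root, as the advisories describe, so does the injected
    command.
    """
    cmd = f"echo stats for {ifname}"  # untrusted data becomes code
    proc = subprocess.run(["sh", "-c", cmd], capture_output=True,
                          text=True, check=False)
    return proc.stdout


# Allow-list for a Linux-style interface name: alphanumerics plus a few
# separators, at most 15 characters.  The check is a fullmatch of the whole
# string, never a search for "bad" characters.
_IFNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}")


def monitor_hardened(ifname: str) -> str:
    """Validates the name against the allow-list and never invokes a shell.

    Two independent defences: reject anything that is not a plausible
    interface name, and pass the name as one argv element so that no shell
    exists to interpret metacharacters even if the pattern is ever loosened.
    """
    if not _IFNAME_RE.fullmatch(ifname):
        raise ValueError(f"invalid interface name: {ifname!r}")
    proc = subprocess.run(["echo", "stats for", ifname], capture_output=True,
                          text=True, check=False)
    return proc.stdout


def is_injected(output: str) -> bool:
    """True if the marker appears as a line of its own, i.e. a second command
    actually ran rather than the marker merely echoing back as data."""
    return INJECTION_MARKER in output.splitlines()


if __name__ == "__main__":
    payload = f"eth0; echo {INJECTION_MARKER}"  # constructed input
    out = monitor_vulnerable(payload)
    print("vulnerable:", repr(out), "injected:", is_injected(out))
    try:
        monitor_hardened(payload)
    except ValueError as exc:
        print("hardened rejected:", exc)
    print("hardened:", repr(monitor_hardened("eth0")))
```

    The hardened handler keeps both defences because each covers the other's
    failure mode: the allow-list rejects anything that is not a plausible
    interface name, and the argv form leaves no shell to interpret
    metacharacters if the pattern is later relaxed. Neither changes the
    privilege the process runs with; a management front end that must invoke
    tools as root should confine that to a small privileged helper rather
    than run the whole request handler as root.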

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-ucs-cimc

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco UCS C-Series and S-Series Servers in
    standalone mode that are running Cisco IMC Software prior to the first
    fixed releases of 3.0 and 4.0.

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       UCS E-Series Servers
       5000 Series Enterprise Network Compute System
       FI-Attached servers managed by UCS Manager, including UCS B-Series,
        C-Series, and S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to the appropriate UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         Not vulnerable
    3.0                                         3.0(4k)
    4.0                                         4.0(2f), 4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-ucs-cimc

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller CSR Generation Command Injection
Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-cmdinject-1896

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo36057

CVE-2019-1896

CWE-78

CVSS Score:
7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Integrated
    Management Controller (IMC) could allow an authenticated, remote attacker
    to inject arbitrary commands and obtain root privileges.

    The vulnerability is due to insufficient validation of user-supplied input
    in the Certificate Signing Request (CSR) function of the web-based
    management interface. An attacker could exploit this vulnerability by
    submitting a crafted CSR in the web-based management interface. A
    successful exploit could allow an attacker with administrator privileges to
    execute arbitrary commands on the device with full root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinject-1896

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco IMC Software:

       UCS C-Series and S-Series Servers in standalone mode
       UCS E-Series Servers
       5000 Series Enterprise Network Compute System (ENCS) Platforms

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers that are managed by UCS Manager:

       UCS B-Series Servers
       UCS C-Series Servers
       UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco UCS C-Series and S-Series Servers

    Customers are advised to upgrade to the appropriate Cisco UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         2.0(13o)
    3.0                                         3.0(4k)
    4.0                                         4.0(2f), 4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco UCS E-Series Servers

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco 5000 Series Enterprise Network Compute System Platforms

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series ENCS Platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-cmdinject-1896

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller CLI Command Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-cimc-cli-inject

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo35996

CVE-2019-1883

CWE-78

CVSS Score:
7.0  AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the command-line interface of Cisco Integrated
    Management Controller (IMC) could allow an authenticated, local attacker
    with read-only credentials to inject arbitrary commands and obtain root
    privileges.

    The vulnerability is due to insufficient validation of user-supplied input
    on the command-line interface. An attacker could exploit this vulnerability
    by authenticating with read-only privileges via the CLI of an affected
    device and submitting crafted input to the affected commands. A successful
    exploit could allow an attacker to execute arbitrary commands on the device
    with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-cimc-cli-inject

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products:

       UCS C-Series and S-Series Servers in standalone mode that are running
        Cisco IMC Software earlier than the first fixed releases of 3.0 and
        4.0.
       UCS E-Series Servers that are running Cisco IMC Software earlier than
        the first fixed release of 3.2(8).
       5000 Series Enterprise Network Compute System (ENCS) Platforms that are
        running Cisco IMC Software earlier than the first fixed release of
        3.2(8).

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers managed by UCS Manager:

       Cisco UCS B-Series Servers
       Cisco UCS C-Series Servers
       Cisco UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to the appropriate UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         Not vulnerable
    3.0                                         3.0(4k)
    4.0                                         4.0(2f), 4.0(4b)

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series Enterprise Network Compute System (ENCS) Platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-cimc-cli-inject

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- ------------------------------------------------------------------------------

Cisco Integrated Management Controller Buffer Overflow Vulnerability

Priority:        High

Advisory ID:     cisco-sa-20190821-imc-bo

First Published: 2019 August 21 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

Cisco Bug IDs:   CSCvo36122

CVE-2019-1871

CWE-119

CVSS Score:
7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Import Cisco IMC configuration utility of Cisco
    Integrated Management Controller (IMC) could allow an authenticated, remote
    attacker to cause a denial of service (DoS) condition and execute
    arbitrary commands with root privileges on an affected device.

    The vulnerability is due to improper bounds checking by the import-config
    process. An attacker could exploit this vulnerability by sending malicious
    packets to an affected device. When the packets are processed, an
    exploitable buffer overflow condition may occur. A successful exploit could
    allow the attacker to execute arbitrary code on the affected device with
    elevated privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-bo

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco IMC Software:

       UCS C-Series and S-Series Servers in standalone mode
       UCS E-Series Servers
       5000 Series Enterprise Network Compute System (ENCS) Platform

    For information about affected software releases, consult the Fixed
    Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco FI-Attached servers managed by UCS Manager:

       Cisco UCS B-Series Servers
       Cisco UCS C-Series Servers
       Cisco UCS S-Series Servers

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco UCS C-Series and S-Series Servers

    Customers are advised to upgrade to the appropriate UCS C-Series and
    S-Series software release as indicated in the following table:

    Cisco IMC Software Release                  First Fixed Release
    1.4                                         Not vulnerable
    1.5                                         Not vulnerable
    2.0                                         Not vulnerable
    3.0                                         3.0(4k)
    4.0                                         4.0(2f), 4.0(4b)
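    The fixed-release tables in this bulletin use Cisco's train(build+patch)
    release notation, and a 4.0 train with two first-fixed releases, 4.0(2f)
    and 4.0(4b), cannot be checked with a plain version comparison. The
    following is an added example, not Cisco's or AusCERT's code, that parses
    that notation and checks an inventory of standalone C-Series and S-Series
    IMC releases against the table above and the CSR generation advisory's
    table (which additionally lists 2.0(13o)); the rule that each listed fix
    covers only its own maintenance build, and that a build newer than every
    listed fix inherits the fix, is an assumption stated in the docstring, not
    something the advisories say.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# First Fixed Release tables for UCS C-Series and S-Series Servers, transcribed
# from this bulletin. An empty tuple means the table says "Not vulnerable";
# a train missing from the dict is not covered by the advisory.
FIXED_RELEASES: Dict[str, Dict[str, Tuple[str, ...]]] = {
    # CSR generation command injection (CVE-2019-1896)
    "cisco-sa-20190821-imc-cmdinject-1896": {
        "1.4": (), "1.5": (), "2.0": ("2.0(13o)",),
        "3.0": ("3.0(4k)",), "4.0": ("4.0(2f)", "4.0(4b)"),
    },
    # Import Cisco IMC configuration buffer overflow (CVE-2019-1871)
    "cisco-sa-20190821-imc-bo": {
        "1.4": (), "1.5": (), "2.0": (),
        "3.0": ("3.0(4k)",), "4.0": ("4.0(2f)", "4.0(4b)"),
    },
}

# Cisco IMC release strings look like 3.0(4k), 4.0(2f) or 3.2(8): a
# major.minor train, a maintenance build number in parentheses and an optional
# patch letter.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)$")


class ImcVersion(NamedTuple):
    major: int
    minor: int
    build: int
    patch: str  # "" when there is no patch letter, e.g. 3.2(8)

    @property
    def train(self) -> str:
        return f"{self.major}.{self.minor}"


def parse_version(text: str) -> ImcVersion:
    """Parse a Cisco IMC release string; raise ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Cisco IMC release string: {text!r}")
    return ImcVersion(int(m[1]), int(m[2]), int(m[3]), m[4])


def assess(version: str, advisory_id: str) -> str:
    """Classify a release against one advisory's fixed-release table.

    Returns "fixed", "vulnerable", "not vulnerable" or "not covered".
    Assumption (not stated by Cisco): each listed fix, such as 4.0(4b), covers
    only its own maintenance build, so 4.0(4a) is vulnerable even though it is
    newer than 4.0(2f); a build newer than every listed fix in the train is
    treated as fixed, and anything else as vulnerable.
    """
    v = parse_version(version)
    table = FIXED_RELEASES[advisory_id]
    if v.train not in table:
        return "not covered"
    fixes = [parse_version(f) for f in table[v.train]]
    if not fixes:
        return "not vulnerable"
    for fix in fixes:
        if fix.build == v.build:  # same maintenance build: compare patch letters
            return "fixed" if v.patch >= fix.patch else "vulnerable"
    newest_fixed_build = max(fix.build for fix in fixes)
    return "fixed" if v.build > newest_fixed_build else "vulnerable"


def needs_upgrade(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each host whose release is vulnerable to the advisories that apply.

    inventory holds (hostname, release) pairs for standalone C-/S-Series IMCs.
    """
    findings: Dict[str, List[str]] = {}
    for host, release in inventory:
        hits = [adv for adv in FIXED_RELEASES if assess(release, adv) == "vulnerable"]
        if hits:
            findings[host] = hits
    return findings


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("imc-rack01", "4.0(4a)"), ("imc-rack02", "4.0(4b)"),
              ("imc-lab03", "2.0(13n)"), ("imc-lab04", "3.0(4k)")]
    for host, advisories in needs_upgrade(sample).items():
        print(f"{host}: upgrade required for {', '.join(advisories)}")
```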

    Customers can download Cisco IMC Software from the Software Center on
    Cisco.com by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS C-Series Rack-Mount
        Standalone Server Software.
     3. In the right pane, choose the appropriate Cisco UCS C-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco UCS E-Series Servers

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco UCS E-Series Servers.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Servers - Unified Computing > UCS E-Series Software.
     3. In the right pane, choose the appropriate Cisco UCS E-Series platform.
     4. On the Select a Software Type page, click Unified Computing System
        (UCS) Server Firmware.
     5. Access releases by using the left pane of the page.

    Cisco 5000 Series Enterprise Network Compute System (ENCS) Platforms

    Cisco fixed this vulnerability in Cisco IMC Software Release 3.2(8) for
    Cisco 5000 Series ENCS Platforms.

    Customers can download the software from the Software Center on Cisco.com
    by doing the following:

     1. Click Browse all.
     2. Navigate to Routers > Network Functions Virtualization > 5000 Series
        Enterprise Network Compute System.
     3. In the right pane, choose the appropriate ENCS platform.
     4. On the Select a Software Type page, click ENCS Software.
     5. Access releases by using the left pane of the page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-20190821-imc-bo

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version |       Description        | Section | Status |      Date       |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-21  |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----