Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability
Description
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing authentication check in an API call in Cisco IMC Supervisor, UCS Director, and UCS Director Express for Big Data allows unauthenticated remote attackers to cause a denial of service by logging off all authenticated users.
Vulnerability
The vulnerability exists in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data. Due to a missing authentication check in an API call, an unauthenticated, remote attacker can cause all currently authenticated users to be logged off. The affected versions are those prior to fixed releases provided by Cisco [1].
Exploitation
An attacker can send a crafted request to the vulnerable API endpoint without any authentication. The attack requires network access to the affected system. No user interaction is needed. By sending a single request, the attacker can trigger a denial of service condition that logs off all current sessions. Repeated exploitation can prevent users from maintaining a session in the web-based management portal [1].
Impact
Successful exploitation results in a denial of service condition, preventing authenticated users from accessing the web-based management interface. The impact is limited to availability; no data confidentiality or integrity is compromised. The attacker does not gain any privileged access [1].
Mitigation
Cisco has released fixed software updates to address the vulnerability. Customers should upgrade to the appropriate fixed versions as indicated in the Cisco Security Advisory [1]. No workarounds are available. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dosmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.