Lucene search

[email protected]CVE-2021-1397

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1397

2021-05-0613:15:09

CWE-601

[email protected]

web.nvd.nist.gov

cisco

imc software

vulnerability

remote attack

redirect

input validation

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.1%

JSON

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Affected configurations

NVD

Node

ciscointegrated_management_controllerRange<3.2\(12.4\)

ciscoucs_managerRange≤4.1\(3b\)

Node

ciscoencs_5100_firmwareRange≤4.4.2

AND

ciscoencs_5100Match-

Node

ciscoencs_5400_firmwareRange≤4.4.2

AND

ciscoencs_5400Match-

Node

ciscoc220_m6_firmwareRange≤4.1\(2f\)

AND

ciscoc220_m6Match-

Node

ciscoc225_m6_firmwareRange≤4.1\(2f\)

AND

ciscoc225_m6Match-

Node

ciscoc240_m6_firmwareRange≤4.1\(2f\)

AND

ciscoc240_m6Match-

Node

ciscoc245_m6_firmwareRange≤4.1\(2f\)

AND

ciscoc245_m6Match-

Node

ciscoc125_m5_firmwareRange≤4.1\(2f\)

AND

ciscoc125_m5Match-

Node

ciscoc220_m5_firmwareRange≤4.1\(2f\)

AND

ciscoc220_m5Match-

Node

ciscoc240_m5_firmwareRange≤4.1\(2f\)

AND

ciscoc240_m5Match-

Node

ciscoc480_m5_firmwareRange≤4.1\(2f\)

AND

ciscoc480_m5Match-

Node

ciscoc480_ml_m5_firmwareRange≤4.1\(2f\)

AND

ciscoc480_ml_m5Match-

Node

ciscoucs-e140s_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e140sMatch-

Node

ciscoucs-e140d_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e140dMatch-

Node

ciscoucs-e160d_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e160dMatch-

Node

ciscoucs-e160s-m3_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e160s-m3Match-

Node

ciscoucs-e180d-m3_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e180d-m3Match-

Node

ciscoucs-e1120d-m3_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e1120d-m3Match-

Node

ciscoucs-e140s-m2_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e140s-m2Match-

Node

ciscoucs-e160d_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e160dMatch-

Node

ciscoucs-e180d-m2_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e180d-m2Match-

Node

ciscoucs-e140s-m1_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e140s-m1Match-

Node

ciscoucs-e140d_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e140dMatch-

Node

ciscoucs-e140dp_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e140dpMatch-

Node

ciscoucs-e160d_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e160dMatch-

Node

ciscoucs-e160dp-m1_firmwareRange≤3.2\(11.5\)

AND

ciscoucs-e160dp-m1Match-

Node

ciscoucs_s3260_firmwareRange≤4.0\(2o\)

AND

ciscoucs_s3260Match-

CPENameOperatorVersion
cisco:integrated_management_controllercisco integrated management controllerlt3.2\(12.4\)
cisco:ucs_managercisco ucs managerle4.1\(3b\)

CPE	Name	Operator	Version
cisco:integrated_management_controller	cisco integrated management controller	lt	3.2\(12.4\)
cisco:ucs_manager	cisco ucs manager	le	4.1\(3b\)

CNA Affected

[
  {
    "product": "Cisco Unified Computing System (Standalone) ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2

Social References

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for CVE-2021-1397

prion1 cvelist1 nvd1 cisco1