Input validation

2021-05-0613:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.2%

JSON

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

CPENameOperatorVersion
c125_m5_firmwareeq<= 4.12f
c220_m5_firmwareeq<= 4.12f
c220_m6_firmwareeq<= 4.12f
c225_m6_firmwareeq<= 4.12f
c240_m5_firmwareeq<= 4.12f
c240_m6_firmwareeq<= 4.12f
c245_m6_firmwareeq<= 4.12f
c480_m5_firmwareeq<= 4.12f
c480_ml_m5_firmwareeq<= 4.12f
encs_5100_firmwarele4.4.2

Name	Operator	Version
c125_m5_firmware	eq	<= 4.12f
c220_m5_firmware	eq	<= 4.12f
c220_m6_firmware	eq	<= 4.12f
c225_m6_firmware	eq	<= 4.12f
c240_m5_firmware	eq	<= 4.12f
c240_m6_firmware	eq	<= 4.12f
c245_m6_firmware	eq	<= 4.12f
c480_m5_firmware	eq	<= 4.12f
c480_ml_m5_firmware	eq	<= 4.12f
encs_5100_firmware	le	4.4.2