Cisco Integrated Management Controller is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can leverage this issue to conduct phishing attacks; other attacks are possible.
This issue is being tracked by Cisco Bug ID CSCvc37931.
This issue affects the following Cisco products running Cisco IMC Software:
Unified Computing System (UCS) B-Series M3 and M4 Blade Servers
Unified Computing System (UCS) C-Series M3 and M4 Rack Servers
Information
Cisco Unified Computing System (UCS) C-Series M4 Rack Server 2.2(8)
Cisco Unified Computing System (UCS) C-Series M3 Rack Server 3.1(2)
Cisco Unified Computing System (UCS) C-Series M3 Rack Server 2.2(8)
Cisco Unified Computing System (UCS) B-Series M4 Blade Server 3.1(2)
Cisco Unified Computing System (UCS) B-Series M4 Blade Server 2.2(8)
Cisco Unified Computing System (UCS) B-Series M3 Blade Server 3.1(2)
Cisco Unified Computing System (UCS) B-Series M3 Blade Server 2.2(8)
Cisco Integrated Management Controller 0
Exploit
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.