Cisco Integrated Management Controller CVE-2017-6616 Remote Code Execution Vulnerability

Cisco Integrated Management Controller is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.

Successful exploit allows an attacker to execute arbitrary code within the context of the user on the affected system.

This issue is being tracked by Cisco Bug ID CSCvd14578 .

Information

Bugtraq ID: 97928
Class: Input Validation Error
CVE: CVE-2017-6616

Remote: Yes
Local: No
Published: Apr 19 2017 12:00AM
Updated: Apr 19 2017 12:00AM
Credit: Cisco
Vulnerable: Cisco Unified Computing System 3.0(1c)
Cisco Integrated Management Controller 0

Not Vulnerable: Cisco Unified Computing System 3.0(1d)

References:

• Cisco Homepage (Cisco )
  
• Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability (Cisco)
  

Source: www.securityfocus.com