Cisco Integrated Management Controller Redirection Vulnerability


Description   An open redirect vulnerability has been identified in Cisco Integrated Management Controller (IMC). A remote attacker could exploit it by sending a crafted HTTP request in order to cause the web interface to redirect the request to a malicious URL. The vulnerability is due to improper input validation of parameters in HTTP requests.
     
Vulnerable Products   Vulnerable OS:
Unified Computing System (Cisco) - 2.2(8), 3.1(2), 3.1(2c)B
     
Solution   Cisco has released new versions of Integrated Management Controller (IMC) for Unified Computing System in order to fix this vulnerability.
     
CVE   CVE-2017-6604
     
References   - CSCvc37931 : Cisco Integrated Management Controller Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2017-04-05

Target Type   Client

Possible exploit   Remote