CVE-2021-1397: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker…

medium6.1CVSS 3.1

AVNACLPRNUIRSCCLILAN

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
cisco	c125_m5_firmware	<= 4.1\(2f\)	—
cisco	c220_m5_firmware	<= 4.1\(2f\)	—
cisco	c220_m6_firmware	<= 4.1\(2f\)	—
cisco	c225_m6_firmware	<= 4.1\(2f\)	—
cisco	c240_m5_firmware	<= 4.1\(2f\)	—
cisco	c240_m6_firmware	<= 4.1\(2f\)	—
cisco	c245_m6_firmware	<= 4.1\(2f\)	—
cisco	c480_m5_firmware	<= 4.1\(2f\)	—
cisco	c480_ml_m5_firmware	<= 4.1\(2f\)	—
cisco	cisco_unified_computing_system	—	—
cisco	encs_5100_firmware	<= 4.4.2	—
cisco	encs_5400_firmware	<= 4.4.2	—
cisco	integrated_management_controller	< 3.2\(12.4\)	3.2\(12.4\)
cisco	integrated_management_controller_open_redirect	—	—
cisco	ucs-e1120d-m3_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e140d_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e140dp_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e140s-m1_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e140s-m2_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e140s_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e160d_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e160dp-m1_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e160s-m3_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e180d-m2_firmware	<= 3.2\(11.5\)	—
cisco	ucs-e180d-m3_firmware	<= 3.2\(11.5\)	—