VAR-201704-1342
Vulnerability from variot - Updated: 2023-12-18 13:48A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. The Cisco Integrated Management Controller is a baseboard management controller that provides embedded server management for CiscoUCSC-SeriesRackServers. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvc37931. The vulnerability stems from the fact that the program does not correctly perform input validation on parameters in HTTP requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1342",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(1c\\)"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.1\\(2c\\)b"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.2\\(8b\\)"
},
{
"model": "unified computing system c-series m4 rack server",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "unified computing system c-series m4 rack server",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "2.2(8)"
},
{
"model": "unified computing system c-series m3 rack server",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "unified computing system c-series m3 rack server",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "2.2(8)"
},
{
"model": "unified computing system b-series m3 blade server",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "unified computing system b-series m3 blade server",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "2.2(8)"
},
{
"model": "unified computing system",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "integrated management controller",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "computing system b-series m4 blade server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "computing system b-series m4 blade server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.2(8)"
},
{
"model": "unified computing system b-series m4 blade server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(2)"
},
{
"model": "unified computing system b-series m4 blade server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2(8)"
},
{
"model": "integrated management controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "BID",
"id": "97457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:3.0\\(1c\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:2.2\\(8b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_computing_system:3.1\\(2c\\)b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6604"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97457"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6604",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6604",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-05523",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-114807",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-6604",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6604",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-05523",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114807",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "VULHUB",
"id": "VHN-114807"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. The Cisco Integrated Management Controller is a baseboard management controller that provides embedded server management for CiscoUCSC-SeriesRackServers. \nAn attacker can leverage this issue to conduct phishing attacks; other attacks are possible. \nThis issue is being tracked by Cisco Bug ID CSCvc37931. The vulnerability stems from the fact that the program does not correctly perform input validation on parameters in HTTP requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "BID",
"id": "97457"
},
{
"db": "VULHUB",
"id": "VHN-114807"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6604",
"trust": 3.4
},
{
"db": "BID",
"id": "97457",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038186",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-426",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-05523",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "36320",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114807",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "VULHUB",
"id": "VHN-114807"
},
{
"db": "BID",
"id": "97457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"id": "VAR-201704-1342",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "VULHUB",
"id": "VHN-114807"
}
],
"trust": 1.4222222333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
}
]
},
"last_update_date": "2023-12-18T13:48:39.334000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170405-cimc",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cimc"
},
{
"title": "Patch for CiscoIntegratedManagementController Open Redirection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/92871"
},
{
"title": "Multiple Cisco product Integrated Management Controller Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75146"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114807"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "NVD",
"id": "CVE-2017-6604"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cimc"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97457"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038186"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6604"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6604"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36320"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "VULHUB",
"id": "VHN-114807"
},
{
"db": "BID",
"id": "97457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"db": "VULHUB",
"id": "VHN-114807"
},
{
"db": "BID",
"id": "97457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-114807"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97457"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"date": "2017-04-07T17:59:00.763000",
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"date": "2017-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05523"
},
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-114807"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97457"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003061"
},
{
"date": "2017-07-12T01:29:18.550000",
"db": "NVD",
"id": "CVE-2017-6604"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Integrated Management Controller Software redirected vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003061"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-426"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…