vulnerability

Cisco UCS: CVE-2017-6604: Unauthorized Redirect vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Apr 7, 2017	Apr 25, 2018	May 2, 2018

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Apr 7, 2017

Added

Apr 25, 2018

Modified

May 2, 2018

Description

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.

Solutions

cisco-ucs-manager-upgrade-2_2_8icisco-ucs-manager-upgrade-3_1_3a

References

BID-97457
CVE-2017-6604
https://attackerkb.com/topics/CVE-2017-6604
URL-http://www.securityfocus.com/bid/97457
URL-http://www.securitytracker.com/id/1038186
URL-https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today