PT-2017-17190 · Cisco · Cisco Integrated Management Controller

Published

2017-04-20

·

Updated

2019-10-09

·

CVE-2017-6619

CVSS v2.0

9.0

High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller (IMC) version 3.0(1c)

Description: A vulnerability in the web-based GUI could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The issue exists because the software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this by sending an HTTP POST request with crafted, deserialized user data. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges, which could be used to conduct further attacks.

Recommendations: For Cisco Integrated Management Controller (IMC) version 3.0(1c), consider restricting access to the web-based GUI until a patch is available. As a temporary workaround, avoid using deserialized user data in HTTP POST requests to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-6619

Affected Products

Cisco Integrated Management Controller