PT-2017-17187 · Cisco · Cisco Integrated Management Controller

Published: 2017-04-20 · Updated: 2019-10-09 · CVE-2017-6616

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Integrated Management Controller (IMC) version 3.0(1c)

Description

A vulnerability in the web-based GUI could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The issue exists because the software does not sufficiently sanitize specific values received as part of a user-supplied HTTP request. An attacker could exploit this by sending a crafted HTTP request. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system.

Recommendations

For Cisco Integrated Management Controller (IMC) version 3.0(1c), update the software to a version that includes the fix for Cisco Bug ID: CSCvd14578.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-6616

Affected Products

Cisco Integrated Management Controller