PT-2017-1788 · Cisco · Unified Computing System (Ucs) B-Series M3+3
Published
2017-04-07
·
Updated
2017-07-12
·
CVE-2017-6604
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Computing System Central versions 3.1(2c)B
Cisco Integrated Management Controller (IMC) Software versions 3.1(2c)B
Description
The issue is related to an open redirect vulnerability in the web interface of the affected systems. This could allow a remote attacker to redirect users to a malicious web page. The vulnerability affects various Cisco products, including Unified Computing System (UCS) B-Series M3 and M4 Blade Servers and Unified Computing System (UCS) C-Series M3 and M4 Rack Servers.
Recommendations
For versions 3.1(2c)B, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Integrated Management Controller (Imc)
Cisco Unified Computing System Central
Unified Computing System (Ucs) B-Series M3
Unified Computing System (Ucs) B-Series M4