PT-2021-3254 · Cisco · Cisco Integrated Management Controller (Imc)

Published: 2021-05-05 · Updated: 2021-05-26 · CVE-2021-1397

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Integrated Management Controller (IMC) Software (affected versions not specified)

Description

A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to redirect a user to a malicious web page due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link, allowing the attacker to redirect a user to a malicious website. This issue is known as an open redirect attack, used in phishing attacks to get users to visit malicious sites without their knowledge.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2021-02983
CVE-2021-1397

Affected Products

Cisco Integrated Management Controller (Imc)