CVE-2021-1397
Cisco Integrated Management Controller Open Redirect Vulnerability
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
06 mai 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Produtos afetados
Cisco · Cisco Unified Computing System (Standalone)Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →