CVE-2021-1397

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

CVSS v3 4.7 MEDIUM
CVSS v2.0 5.8 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:integrated_management_controller::::::::
	cpe:2.3:a:cisco:ucs_manager::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:encs_5100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:encs_5100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:encs_5400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:encs_5400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:c220_m6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c220_m6:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:cisco:c225_m6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c225_m6:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:cisco:c240_m6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c240_m6:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:cisco:c245_m6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c245_m6:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:cisco:c125_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c125_m5:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:cisco:c220_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c220_m5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:cisco:c240_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c240_m5:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:cisco:c480_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c480_m5:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:cisco:c480_ml_m5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:c480_ml_m5:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:cisco:ucs-e140s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e140s:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:cisco:ucs-e140d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e140d:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:cisco:ucs-e160d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e160d:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:cisco:ucs-e160s-m3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e160s-m3:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:cisco:ucs-e180d-m3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e180d-m3:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:cisco:ucs-e1120d-m3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e1120d-m3:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:cisco:ucs-e140s-m2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e140s-m2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:cisco:ucs-e160d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e160d:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:cisco:ucs-e180d-m2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e180d-m2:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:cisco:ucs-e140s-m1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e140s-m1:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:cisco:ucs-e140d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e140d:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:cisco:ucs-e140dp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e140dp:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:cisco:ucs-e160d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e160d:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:cisco:ucs-e160dp-m1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs-e160dp-m1:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:cisco:ucs_s3260_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ucs_s3260:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:44

Type	Values Removed	Values Added
CVSS	v2 : ~~5.8~~ v3 : ~~6.1~~	v2 : 5.8 v3 : 4.7
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2 - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2 - Vendor Advisory

Information

Published : 2021-05-06 13:15

Updated : 2024-11-21 05:44

NVD link : CVE-2021-1397

Mitre link : CVE-2021-1397

CVE.ORG link : CVE-2021-1397

JSON object : View

Products Affected

cisco

c240_m5_firmware
c220_m5_firmware
ucs-e140s-m1_firmware
encs_5400_firmware
ucs-e180d-m2_firmware
encs_5400
ucs-e160dp-m1_firmware
ucs_s3260
integrated_management_controller
c480_ml_m5_firmware
ucs-e160s-m3_firmware
c125_m5_firmware
c125_m5
ucs-e140s-m1
c225_m6
c220_m6_firmware
c480_m5_firmware
encs_5100_firmware
ucs-e180d-m3_firmware
c220_m5
ucs-e140s_firmware
ucs-e140d
c240_m6_firmware
ucs-e180d-m3
ucs_manager
c240_m6
ucs_s3260_firmware
ucs-e140dp_firmware
ucs-e160d
c220_m6
ucs-e160s-m3
ucs-e140dp
c245_m6
c245_m6_firmware
ucs-e1120d-m3_firmware
ucs-e160d_firmware
ucs-e160dp-m1
ucs-e140d_firmware
c480_m5
ucs-e140s
c240_m5
c225_m6_firmware
ucs-e180d-m2
ucs-e1120d-m3
ucs-e140s-m2
encs_5100
ucs-e140s-m2_firmware
c480_ml_m5

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

4.7 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-1397

4.7^/10

5.8^/10

Attach tags to `CVE-2021-1397`