CVE-2021-1397

Published: May 6, 2021Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Affected (25)

Products: Cisco: Integrated Management Controller, Ucs Manager, Encs 5100 Firmware, Encs 5400 Firmware, C220 M6 Firmware, C225 M6 Firmware, C240 M6 Firmware, C245 M6 Firmware, C125 M5 Firmware, C220 M5 Firmware, C240 M5 Firmware, C480 M5 Firmware, C480 Ml M5 Firmware, Ucs E140s Firmware, Ucs E160s M3 Firmware, Ucs E180d M3 Firmware, Ucs E1120d M3 Firmware, Ucs E140s M2 Firmware, Ucs E180d M2 Firmware, Ucs E140s M1 Firmware, Ucs E140d Firmware, Ucs E140dp Firmware, Ucs E160d Firmware, Ucs E160dp M1 Firmware, Ucs S3260 Firmware

Cisco

25 products

Integrated Management Controller

Ucs E160s M3 Firmware

Ucs E180d M3 Firmware

Ucs E1120d M3 Firmware

Ucs E140s M2 Firmware

Ucs E180d M2 Firmware

Ucs E140s M1 Firmware

Ucs E140d Firmware

Ucs E140dp Firmware

Ucs E160d Firmware

Ucs E160dp M1 Firmware

Ucs S3260 Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Integrated Management Controller	Before 3.2\(12.4\)
Cisco Ucs Manager	Up to 4.1\(3b\)

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Encs 5100 Firmware	Up to 4.4.2

Running on/with	Platform Versions
Cisco Encs 5100	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Encs 5400 Firmware	Up to 4.4.2

Running on/with	Platform Versions
Cisco Encs 5400	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C220 M6 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C220 M6	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C225 M6 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C225 M6	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C240 M6 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C240 M6	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C245 M6 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C245 M6	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C125 M5 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C125 M5	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C220 M5 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C220 M5	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C240 M5 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C240 M5	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C480 M5 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C480 M5	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco C480 Ml M5 Firmware	Up to 4.1\(2f\)

Running on/with	Platform Versions
Cisco C480 Ml M5	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E140s Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E140s	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E160s M3 Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E160s M3	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E180d M3 Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E180d M3	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E1120d M3 Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E1120d M3	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E140s M2 Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E140s M2	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E180d M2 Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E180d M2	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E140s M1 Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E140s M1	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E140d Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E140d	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E140dp Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E140dp	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E160d Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E160d	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs E160dp M1 Firmware	Up to 3.2\(11.5\)

Running on/with	Platform Versions
Cisco Ucs E160dp M1	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ucs S3260 Firmware	Up to 4.0\(2o\)

Running on/with	Platform Versions
Cisco Ucs S3260	All versions

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.