Cross-Site Scripting Vulnerability in Cisco Integrated Management Controller
CVE-2017-6618

5.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Integrated Management Controller
Vendor: CVE Published:; 20 April 2017

Summary

A cross-site scripting vulnerability exists in the web-based GUI of the Cisco Integrated Management Controller (IMC) 3.0(1c), allowing an authenticated remote attacker to execute arbitrary code in the context of the affected system. This vulnerability stems from inadequate validation of user-supplied input. By tricking an authenticated user into clicking a specially crafted link, an attacker could exploit this weakness to perform malicious actions within the web-based interface.

Affected Version(s)

Cisco Integrated Management Controller Cisco Integrated Management Controller

References

http://www.securityfocus.com/bid/97927

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 20, 2017
Vulnerability Reserved
Mar 9, 2017