CVE-2021-1397
Description
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.18
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Integrated Management Controller Open Redirect Vulnerability For Cisco 5000 Series Enterprise Network Compute System | NCM |
| Cisco Integrated Management Controller Open Redirect Vulnerability For Cisco Unified Computing System | NCM |
| CVE-2021-1397 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1700011 | Security Update for Cisco 5000 Series Enterprise Network Compute System 4.1(1c) |
| PATCH-1706036 | Security Update for Cisco Unified Computing System 3.2(1d) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234