A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
| Vendor | Product | Versions |
|---|---|---|
| cis | cisco integrated management controller (imc) | 4.1.1, 3.9.1, 3.5.2, 3.12.2, 3.6.2, 3.9.2, 3.11.3, 3.11.1, 3.5.1, 3.3.1, 3.10.2, 3.12.1b, 3.4.1, 3.12.1a, 3.6.3, 3.8.1, 3.11.2, 3.12.1, 3.12.3, 3.10.1, 3.6.1, 3.10.3, 3.7.1, 4.1.2, 4.2.1, 4.2.2, 4.4.1, 4.4.2, 4.5.1, 4.4.3, 4.6.1, 4.7.1, 4.6.2-FC2, 4.6.2-FC3, 4.6.2, 4.8.1, 4.8.2, 4.9.1, 4.6.3, 4.9.2-FC5, 4.9.2, 4.10.1, 4.9.3, 4.11.1, 4.9.4, 4.12.1, 4.6.4, 4.12.2, 4.13.1, 4.9.4-ES8, 4.9.5, 4.12.3, 4.6.5-ES1, 4.9.4-ES9, 4.14.1, 4.6.3-FC4, 4.9.4-FC3, 4.12.4, 4.15.1, 4.9.6, 4.16.1, 4.15.2, 4.12.5, 4.15.3, 4.15.4, 4.18.1, 4.12.6, 4.18.2, 4.18.2a, 4.0(2g), 3.1(2i), 3.1(1d), 4.0(4i), 4.1(1c), 4.0(2c), 4.0(1e), 4.0(2h), 4.0(4h), 4.0(1h), 4.0(2l), 3.1(3g), 4.0(1.240), 4.0(2f), 4.0(1g), 4.0(2i), 3.1(3i), 4.0(4d), 4.1(1d), 3.1(3c), 4.0(4k), 3.1(2d), 3.1(3a), 3.1(3j), 4.0(2d), 4.1(1f), 4.0(4j), 4.0(2m), 4.0(2k), 4.0(1c), 4.0(4f), 4.0(4c), 3.1(3d), 3.1(2g), 3.1(2c), 4.0(1d), 3.1(2e), 4.0(1a), 4.0(1b), 3.1(3b), 4.0(4b), 3.1(2b), 4.0(4e), 3.1(3h), 4.0(4l), 4.1(1g), 4.1(2a), 4.0(2n), 4.1(1h), 3.1(3k), 4.1(2b), 4.0(2o), 4.0(4m), 4.1(2d), 4.1(3b), 4.0(2p), 4.1(2e), 4.1(2f), 4.0(4n), 4.0(2q), 4.1(3c), 4.0(2r), 4.1(3d), 4.1(2g), 4.1(2h), 4.1(3g), 4.1(3f), 4.1(2j), 4.1(2k), 4.1(3h), 4.2(2a), 4.1(3i), 4.2(2f), 4.2(2g), 4.2(3b), 4.1(3l), 4.2(3d), 4.3(1.230097), 4.2(1e), 4.2(1b), 4.2(1j), 4.2(1i), 4.2(1f), 4.2(1a), 4.2(1c), 4.2(1g), 4.3(1.230124), 4.1(2l), 4.2(3e), 4.3(1.230138), 4.2(3g), 4.3(2.230207), 4.2(3h), 4.2(3i), 4.3(2.230270), 4.1(3m), 4.1(2m), 4.3(2.240002), 4.3(3.240022), 4.2(3j), 4.1(3n), 4.3(2.240009), 4.3(3.240041), 4.2(3k), 4.3(3.240043), 4.3(4.240142), 4.3(2.240037), 4.3(2.240053), 4.3(4.240152), 4.2(3l), 4.3(2.240077), 4.3(4.242028), 4.3(4.241063), 4.3(4.242038), 4.2(3m), 4.3(2.240090), 4.3(5.240021), 4.3(2.240107), 4.3(4.242066), 4.2(3n), 4.3(5.250001), 4.2(3o), 4.3(2.250016), 4.3(2.250021), 4.3(5.250030), 4.3(2.250022), 4.3(6.250039), 4.3(6.250040), 4.3(5.250033), 4.3(6.250044), 4.3(6.250053), 4.3(2.250037), 4.3(2.250045), 4.3(4.252001), 4.3(4.252002), 6.0(1.250127), 4.2(3p), 6.0(1.250131), 4.3(6.250101), 6.0(1.250174), 4.3(6.250117), 4.3(5.250043), 4.3(5.250045), 4.3(6.250060), 6.0(1.250130), 4.3(4.241014), 4.3(2.250063), 6.0(1.250192), 4.3(6.260003), 6.0(1.250194), 3.2.7, 3.2.6, 3.2.4, 3.2.10, 3.2.2, 3.2.3, 2.4.0, 3.2.1, 3.2.11.1, 3.2.8, 3.1.1, 3.0.2, 2.1.0, 2.2.2, 3.1.2, 3.0.1, 2.3.2, 2.3.5, 2.2.1, 3.1.4, 2.4.1, 2.3.1, 3.1.3, 2.3.3, 2.4.2, 3.1.5, 3.1.0, 2.0.0, 3.2.11.3, 3.2.11.5, 3.2.12.2, 3.2.13.6, 3.2.14, 4.11.1, 3.2.15, 4.12.1, 3.2.15.3, 4.12.2, 3.2.16.1, 4.00, 4.15.2, 4.02 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| cis | integrated management | cert_advisory | 90% |
Updated vendor to Cisco, product details, severity to CRITICAL, and noted that no exploit exists.
Initial creation
