A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
| Vendor | Product | Versions |
|---|---|---|
| cis | cisco integrated management | 4.0(2g), 3.1(2i), 3.1(1d), 4.0(4i), 4.1(1c), 4.0(2c), 4.0(1e), 4.0(2h), 4.0(4h), 4.0(1h), 4.0(2l), 3.1(3g), 4.0(1.240), 4.0(2f), 4.0(1g), 4.0(2i), 3.1(3i), 4.0(4d), 4.1(1d), 3.1(3c), 4.0(4k), 3.1(2d), 3.1(3a), 3.1(3j), 4.0(2d), 4.1(1f), 4.0(1c), 4.0(4f), 4.0(4c), 3.1(3d), 3.1(2g), 3.1(2c), 4.0(1d), 3.1(2e), 4.0(1a), 4.0(1b), 3.1(3b), 4.0(4b), 3.1(2b), 4.0(4e), 3.1(3h), 4.0(4l), 4.1(1g), 4.1(2a), 4.0(2n), 4.1(1h), 3.1(3k), 4.1(2b), 4.0(2o), 4.0(4m), 4.1(2d), 4.1(3b), 4.0(2p), 4.1(2e), 4.1(2f), 4.0(4n), 4.0(2q), 4.1(3c), 4.0(2r), 4.1(3d), 4.1(2g), 4.1(2h), 4.1(3f), 4.1(2j), 4.1(2k), 4.1(3h), 4.2(2a), 4.1(3i), 4.2(2f), 4.2(2g), 4.2(3b), 4.1(3l), 4.2(3d), 4.3(1.230097), 4.2(1e), 4.2(1b), 4.2(1j), 4.2(1i), 4.2(1f), 4.2(1a), 4.2(1c), 4.2(1g), 4.3(1.230124), 4.1(2l), 4.2(3e), 4.3(1.230138), 4.2(3g), 4.3(2.230207), 4.2(3h), 4.2(3i), 4.3(2.230270), 4.1(3m), 4.1(2m), 4.3(2.240002), 4.3(3.240022), 4.2(3j), 4.1(3n), 4.3(2.240009), 4.3(3.240043), 4.3(4.240142), 4.3(2.240037), 4.3(2.240053), 4.3(4.240152), 4.2(3l), 4.3(2.240077), 4.3(4.242028), 4.3(4.241063), 4.3(4.242038), 4.2(3m), 4.3(2.240090), 4.3(5.240021), 4.3(2.240107), 4.3(4.242066), 4.2(3n), 4.3(5.250001), 4.2(3o), 4.3(2.250016), 4.3(2.250021), 4.3(5.250030), 4.3(2.250022), 4.3(6.250040), 4.3(5.250033), 4.3(6.250044), 4.3(6.250053), 4.3(2.250037), 4.3(2.250045), 4.3(4.252001), 4.3(4.252002), 6.0(1.250127), 4.2(3p), 6.0(1.250131), 4.3(6.250101), 6.0(1.250174), 4.3(6.250117), 4.3(5.250043), 4.3(6.250039), 4.3(5.250045), 4.3(6.250060), 6.0(1.250130), 4.3(4.241014), 4.3(2.250063), 6.0(1.250192), 4.3(6.260003), 6.0(1.250194) |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| cis | integrated management | cert_advisory | 90% |
Updated vendor to Cisco, product to Unified Computing System, severity to CRITICAL, and affected versions to up to 6.0(1.250194).
Initial creation
