Sign-up

ID

VAR-201704-1342


CVE

CVE-2017-6604


TITLE

Cisco Integrated Management Controller Software redirected vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-003061

DESCRIPTION

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. The Cisco Integrated Management Controller is a baseboard management controller that provides embedded server management for CiscoUCSC-SeriesRackServers. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvc37931. The vulnerability stems from the fact that the program does not correctly perform input validation on parameters in HTTP requests

Trust: 2.52

sources: NVD: CVE-2017-6604 // JVNDB: JVNDB-2017-003061 // CNVD: CNVD-2017-05523 // BID: 97457 // VULHUB: VHN-114807

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05523

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion:3.0\(1c\)

Trust: 1.6

vendor:ciscomodel:unified computing systemscope:eqversion:2.2\(8b\)

Trust: 1.6

vendor:ciscomodel:unified computing systemscope:eqversion:3.1\(2c\)b

Trust: 1.6

vendor:ciscomodel:unified computing system c-series m4 rack serverscope:eqversion:3.1(2)

Trust: 0.9

vendor:ciscomodel:unified computing system c-series m4 rack serverscope:eqversion:2.2(8)

Trust: 0.9

vendor:ciscomodel:unified computing system c-series m3 rack serverscope:eqversion:3.1(2)

Trust: 0.9

vendor:ciscomodel:unified computing system c-series m3 rack serverscope:eqversion:2.2(8)

Trust: 0.9

vendor:ciscomodel:unified computing system b-series m3 blade serverscope:eqversion:3.1(2)

Trust: 0.9

vendor:ciscomodel:unified computing system b-series m3 blade serverscope:eqversion:2.2(8)

Trust: 0.9

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:integrated management controllerscope: - version: -

Trust: 0.6

vendor:ciscomodel:computing system b-series m4 blade serverscope:eqversion:3.1(2)

Trust: 0.6

vendor:ciscomodel:computing system b-series m4 blade serverscope:eqversion:2.2(8)

Trust: 0.6

vendor:ciscomodel:unified computing system b-series m4 blade serverscope:eqversion:3.1(2)

Trust: 0.3

vendor:ciscomodel:unified computing system b-series m4 blade serverscope:eqversion:2.2(8)

Trust: 0.3

vendor:ciscomodel:integrated management controllerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-05523 // BID: 97457 // JVNDB: JVNDB-2017-003061 // CNNVD: CNNVD-201704-426 // NVD: CVE-2017-6604

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6604
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6604
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-05523
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-426
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114807
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6604
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05523
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114807
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6604
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05523 // VULHUB: VHN-114807 // JVNDB: JVNDB-2017-003061 // CNNVD: CNNVD-201704-426 // NVD: CVE-2017-6604

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-114807 // JVNDB: JVNDB-2017-003061 // NVD: CVE-2017-6604

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-426

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-426

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003061

PATCH
title:cisco-sa-20170405-cimcurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc
Trust: 0.8
title:Patch for CiscoIntegratedManagementController Open Redirection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/92871
Trust: 0.6
title:Multiple Cisco product Integrated Management Controller Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75146
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05523 // 
            
            
            
            JVNDB: JVNDB-2017-003061 // 
            
            
            
            CNNVD: CNNVD-201704-426

EXTERNAL IDS
db:NVDid:CVE-2017-6604
Trust: 3.4
db:BIDid:97457
Trust: 2.0
db:SECTRACKid:1038186
Trust: 1.1
db:JVNDBid:JVNDB-2017-003061
Trust: 0.8
db:CNNVDid:CNNVD-201704-426
Trust: 0.7
db:CNVDid:CNVD-2017-05523
Trust: 0.6
db:NSFOCUSid:36320
Trust: 0.6
db:VULHUBid:VHN-114807
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-05523 // 
            
            
            
            VULHUB: VHN-114807 // 
            
            
            
            BID: 97457 // 
            
            
            
            JVNDB: JVNDB-2017-003061 // 
            
            
            
            CNNVD: CNNVD-201704-426 // 
            
            
            
            NVD: CVE-2017-6604

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cimc
Trust: 2.6
url:http://www.securityfocus.com/bid/97457
Trust: 1.1
url:http://www.securitytracker.com/id/1038186
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6604
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6604
Trust: 0.8
url:http://www.nsfocus.net/vulndb/36320
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-05523 // 
            
            
            
            VULHUB: VHN-114807 // 
            
            
            
            BID: 97457 // 
            
            
            
            JVNDB: JVNDB-2017-003061 // 
            
            
            
            CNNVD: CNNVD-201704-426 // 
            
            
            
            NVD: CVE-2017-6604

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97457

SOURCES
db:CNVDid:CNVD-2017-05523
db:VULHUBid:VHN-114807
db:BIDid:97457
db:JVNDBid:JVNDB-2017-003061
db:CNNVDid:CNNVD-201704-426
db:NVDid:CVE-2017-6604

LAST UPDATE DATE
2024-11-23T22:07:27.377000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05523date:2017-04-27T00:00:00
db:VULHUBid:VHN-114807date:2017-07-12T00:00:00
db:BIDid:97457date:2017-04-11T00:03:00
db:JVNDBid:JVNDB-2017-003061date:2017-05-12T00:00:00
db:CNNVDid:CNNVD-201704-426date:2017-10-09T00:00:00
db:NVDid:CVE-2017-6604date:2024-11-21T03:30:06.070

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-05523date:2017-04-27T00:00:00
db:VULHUBid:VHN-114807date:2017-04-07T00:00:00
db:BIDid:97457date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-003061date:2017-05-12T00:00:00
db:CNNVDid:CNNVD-201704-426date:2017-04-07T00:00:00
db:NVDid:CVE-2017-6604date:2017-04-07T17:59:00.763