A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

CWE: CWE-601

CVSS 2: HIGH – 7.2 (Version: 2.0)
CVSS 3: HIGH – 7.8 (Version: 3.1)


NVD – CVE-2021-1397
CVE – CVE-2021-1397

Link (max. 20) Quelle Tags
20210505 Cisco Integrated Management Controller Open Redirect Vulnerability CISCO Vendor Advisory

Quelle: NVD – CVE-2021-1397
Datum Veröffentlichung: 2021-05-06T13:15Z, Datum letzte Änderung: 2021-05-06T13:16Z