CVE-2017-6604
Published Apr 7, 2017
Last updated 7 years ago
Overview
- Description
- A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-601
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2\\(8b\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F41C403-6B27-48FC-8558-4648DEB5F59B"
},
{
"criteria": "cpe:2.3:a:cisco:unified_computing_system:3.0\\(1c\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F96C8D0C-B97C-4F92-A15E-52E312CB7837"
},
{
"criteria": "cpe:2.3:a:cisco:unified_computing_system:3.1\\(2c\\)b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "192449A4-B643-4E06-8F41-021EBB5D66F4"
}
],
"operator": "OR"
}
]
}
]