CVE-2021-1397

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Severity	MEDIUM
CVSS	4.7
EPSS	0.18% EPSS low
CWE	CWE-601
KEV
Published	5 years ago
Modified	1 year ago

Public Affected Products

Product	Advisory	Evidence
Cisco Enterprise NFV Infrastructure Software	cisco-sa-imc-openred-zAYrU6d2	Cisco CSAF · structured affected
Cisco Unified Computing System E-Series Software (UCSE)	cisco-sa-imc-openred-zAYrU6d2	Cisco CSAF · structured affected