A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device.

The vulnerability is due to insufficient input validation.

An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device.
Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device.

The vulnerability is due to insufficient input validation.

An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device.
Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc

Security Impact Rating: High

CVE: CVE-2017-6619

Leave a Reply