Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:cisco_integrated_management_controller:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductCisco Integrated Management Controller (5090186e-f0f3-542b-a41e-489bf925bae0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-6619 vulnerable 2026-06-08 05:09:51.755414 Details available
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.
Published: 2017-04-20T22:00:00.000Z
Updated: 2024-08-05T15:33:20.439Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-6618 vulnerable 2026-06-08 05:09:51.755084 Details available
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading an authenticated user of the web-based GUI on an affected system to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the web-based GUI on the affected system. Cisco Bug IDs: CSCvd14587.
Published: 2017-04-20T22:00:00.000Z
Updated: 2024-08-05T15:33:20.448Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-6617 vulnerable 2026-06-08 05:09:51.754632 Details available
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.
Published: 2017-04-20T22:00:00.000Z
Updated: 2024-08-05T15:33:20.434Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-6616 vulnerable 2026-06-08 05:09:51.752723 Details available
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.
Published: 2017-04-20T22:00:00.000Z
Updated: 2024-08-05T15:33:20.464Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-6604 vulnerable 2026-06-08 05:09:51.554678 Details available
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B.
Published: 2017-04-07T17:00:00.000Z
Updated: 2024-08-05T15:33:20.437Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.