CVE-2017-6616

HIGH

Cisco Integrated Management Controller 3.0(1c) - Authenticated Remote Code Execution via HTTP Request

Title source: llm
STIX 2.1

Description

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97928

Scores

CVSS v3 8.8
EPSS 0.0424
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
cisco/integrated_management_controller_supervisor 3.0\(1c\)
n/a/Cisco Integrated Management Controller Cisco Integrated Management Controller
Published Apr 20, 2017
Tracked Since Feb 18, 2026