CVE-2017-6619

HIGH

Cisco Integrated Management Controller 3.0(1c) - Authenticated Remote Code Execution via HTTP POST Request

Title source: llm
STIX 2.1

Description

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97925

Scores

CVSS v3 8.8
EPSS 0.0264
EPSS Percentile 83.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
cisco/integrated_management_controller_supervisor 3.0\(1c\)
n/a/Cisco Integrated Management Controller Cisco Integrated Management Controller
Published Apr 20, 2017
Tracked Since Feb 18, 2026