All the vulnerabilites related to Cisco - Cisco Unified Computing System (Standalone)
cve-2021-1397
Vulnerability from cvelistv5
Published
2021-05-06 12:42
Modified
2024-11-08 23:17
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Open Redirect Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2 | vendor-advisory, x_refsource_CISCO |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:11:16.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210505 Cisco Integrated Management Controller Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T20:43:58.144792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T23:17:54.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-06T12:42:43",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210505 Cisco Integrated Management Controller Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2"
}
],
"source": {
"advisory": "cisco-sa-imc-openred-zAYrU6d2",
"defect": [
[
"CSCvv79920",
"CSCvx48060"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Open Redirect Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-05-05T16:00:00",
"ID": "CVE-2021-1397",
"STATE": "PUBLIC",
"TITLE": "Cisco Integrated Management Controller Open Redirect Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Computing System (Standalone)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210505 Cisco Integrated Management Controller Open Redirect Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2"
}
]
},
"source": {
"advisory": "cisco-sa-imc-openred-zAYrU6d2",
"defect": [
[
"CSCvv79920",
"CSCvx48060"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1397",
"datePublished": "2021-05-06T12:42:43.586166Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-08T23:17:54.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-20317
Vulnerability from cvelistv5
Published
2025-08-27 16:23
Modified
2025-08-27 18:52
Severity ?
EPSS score ?
Summary
Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T18:51:46.552039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T18:52:07.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website.\r\n\r\nThis vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK"
}
],
"source": {
"advisory": "cisco-sa-ucs-vkvmorv-CnKrV7HK",
"defects": [
"CSCwm57436"
],
"discovery": "INTERNAL"
},
"title": "Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20317",
"datePublished": "2025-08-27T16:23:18.607Z",
"dateReserved": "2024-10-10T19:15:13.253Z",
"dateUpdated": "2025-08-27T18:52:07.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20295
Vulnerability from cvelistv5
Published
2024-04-24 19:41
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:unified_computing_system:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "4.3",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20295",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T18:37:12.600877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:08.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
}
]
},
{
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T19:41:02.339Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-mUx4c5AJ",
"defects": [
"CSCwi12864",
"CSCwi29799",
"CSCwi10842"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20295",
"datePublished": "2024-04-24T19:41:02.339Z",
"dateReserved": "2023-11-08T15:08:07.629Z",
"dateUpdated": "2024-08-01T21:59:41.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20356
Vulnerability from cvelistv5
Published
2024-04-24 19:40
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_computing_system_e-series:4.12.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_computing_system_e-series",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20356",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-25T17:53:52.218954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:40:42.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-bLuPcb",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
}
]
},
{
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-24T19:40:33.312Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-bLuPcb",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-bLuPcb",
"defects": [
"CSCwi43005",
"CSCwj41082",
"CSCwi43001",
"CSCwi42996"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20356",
"datePublished": "2024-04-24T19:40:33.312Z",
"dateReserved": "2023-11-08T15:08:07.648Z",
"dateUpdated": "2024-08-01T21:59:41.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3470
Vulnerability from cvelistv5
Published
2020-11-18 17:41
Modified
2024-11-13 17:37
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd | vendor-advisory, x_refsource_CISCO |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20201118 Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:10:44.002733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:37:58.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS)."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T17:41:18",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20201118 Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd"
}
],
"source": {
"advisory": "cisco-sa-ucs-api-rce-UXwpeDHd",
"defect": [
[
"CSCvu21215",
"CSCvu21222",
"CSCvu22429",
"CSCvu80203"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-11-18T16:00:00",
"ID": "CVE-2020-3470",
"STATE": "PUBLIC",
"TITLE": "Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Computing System (Standalone)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS)."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20201118 Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd"
}
]
},
"source": {
"advisory": "cisco-sa-ucs-api-rce-UXwpeDHd",
"defect": [
[
"CSCvu21215",
"CSCvu21222",
"CSCvu22429",
"CSCvu80203"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3470",
"datePublished": "2020-11-18T17:41:18.106724Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T17:37:58.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-20261
Vulnerability from cvelistv5
Published
2025-06-04 16:17
Modified
2025-06-05 03:55
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Privilege Escalation Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T03:55:25.213Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.1(3n)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.\r\n\r\nThis vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:17:54.028Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
}
],
"source": {
"advisory": "cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"defects": [
"CSCwk24502"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20261",
"datePublished": "2025-06-04T16:17:54.028Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2025-06-05T03:55:25.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20228
Vulnerability from cvelistv5
Published
2023-08-16 20:59
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cimc-xss-UMYtYEtr",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
}
]
},
{
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.10"
},
{
"status": "affected",
"version": "3.06"
},
{
"status": "affected",
"version": "3.02"
},
{
"status": "affected",
"version": "4.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:25.643Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-UMYtYEtr",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-UMYtYEtr",
"defects": [
"CSCwe96259",
"CSCwf98681",
"CSCwh65092"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20228",
"datePublished": "2023-08-16T20:59:07.910Z",
"dateReserved": "2022-10-27T18:47:50.369Z",
"dateUpdated": "2024-08-02T09:05:35.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-20342
Vulnerability from cvelistv5
Published
2025-08-27 16:23
Modified
2025-08-27 17:38
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T17:19:43.762688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T17:38:30.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.1(1b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "3.2(3k)"
},
{
"status": "affected",
"version": "3.2(2c)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "4.0(4g)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "4.0(2e)"
},
{
"status": "affected",
"version": "3.2(3g)"
},
{
"status": "affected",
"version": "4.0(4a)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "3.2(2d)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "3.2(3h)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.2(3a)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "3.2(3d)"
},
{
"status": "affected",
"version": "3.2(2b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.2(2e)"
},
{
"status": "affected",
"version": "4.0(2b)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "3.2(1d)"
},
{
"status": "affected",
"version": "3.2(3e)"
},
{
"status": "affected",
"version": "3.2(3l)"
},
{
"status": "affected",
"version": "3.2(3b)"
},
{
"status": "affected",
"version": "4.0(2a)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.1(1e)"
},
{
"status": "affected",
"version": "3.2(3p)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "4.1(3a)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.1(2c)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(4a)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1d)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(3e)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(1k)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.2(1m)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.2(1n)"
},
{
"status": "affected",
"version": "4.1(3j)"
},
{
"status": "affected",
"version": "4.2(2c)"
},
{
"status": "affected",
"version": "4.2(2d)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3k)"
},
{
"status": "affected",
"version": "4.0(4o)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.3(2b)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2c)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.3(2e)"
},
{
"status": "affected",
"version": "4.3(3a)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.3(3c)"
},
{
"status": "affected",
"version": "4.3(4a)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(4b)"
},
{
"status": "affected",
"version": "4.3(4c)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(4d)"
},
{
"status": "affected",
"version": "4.3(2f)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(5a)"
},
{
"status": "affected",
"version": "4.3(4e)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(4f)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5c)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(5d)"
},
{
"status": "affected",
"version": "4.3(5e)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0(1a)"
},
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "2.0(13f)"
},
{
"status": "affected",
"version": "3.0(4n)"
},
{
"status": "affected",
"version": "2.0(3e)1"
},
{
"status": "affected",
"version": "3.0(3e)"
},
{
"status": "affected",
"version": "2.0(8h)"
},
{
"status": "affected",
"version": "2.0(10g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.0(3c)"
},
{
"status": "affected",
"version": "3.0(4m)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "3.0(3a)"
},
{
"status": "affected",
"version": "3.0(1d)"
},
{
"status": "affected",
"version": "2.0(9o)"
},
{
"status": "affected",
"version": "2.0(13n)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "2.0(13q)"
},
{
"status": "affected",
"version": "2.0(3j)1"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "2.0(9n)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "2.0(13o)"
},
{
"status": "affected",
"version": "2.0(6f)"
},
{
"status": "affected",
"version": "2.0(10c)"
},
{
"status": "affected",
"version": "2.0(8d)"
},
{
"status": "affected",
"version": "2.0(9m)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "3.0(4j)"
},
{
"status": "affected",
"version": "2.0(10i)"
},
{
"status": "affected",
"version": "3.0(3f)"
},
{
"status": "affected",
"version": "2.0(10l)"
},
{
"status": "affected",
"version": "2.0(12e)"
},
{
"status": "affected",
"version": "2.0(12i)"
},
{
"status": "affected",
"version": "2.0(10h)"
},
{
"status": "affected",
"version": "2.0(13e)"
},
{
"status": "affected",
"version": "3.0(4k)"
},
{
"status": "affected",
"version": "2.0(10b)"
},
{
"status": "affected",
"version": "2.0(6d)"
},
{
"status": "affected",
"version": "2.0(12b)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "2.0(12h)"
},
{
"status": "affected",
"version": "2.0(10f)"
},
{
"status": "affected",
"version": "3.0(4l)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "2.0(3i)"
},
{
"status": "affected",
"version": "2.0(3f)3"
},
{
"status": "affected",
"version": "3.0(4a)"
},
{
"status": "affected",
"version": "2.0(13p)"
},
{
"status": "affected",
"version": "2.0(9l)"
},
{
"status": "affected",
"version": "2.0(12g)"
},
{
"status": "affected",
"version": "2.0(12c)"
},
{
"status": "affected",
"version": "2.0(12f)"
},
{
"status": "affected",
"version": "2.0(13k)"
},
{
"status": "affected",
"version": "3.0(3b)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "2.0(4c)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "2.0(12d)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "3.0(4d)"
},
{
"status": "affected",
"version": "3.0(2b)"
},
{
"status": "affected",
"version": "2.0(3d)2"
},
{
"status": "affected",
"version": "2.0(3d)1"
},
{
"status": "affected",
"version": "2.0(9f)"
},
{
"status": "affected",
"version": "2.0(13h)"
},
{
"status": "affected",
"version": "3.0(4e)"
},
{
"status": "affected",
"version": "2.0(8g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "2.0(10e)"
},
{
"status": "affected",
"version": "2.0(13i)"
},
{
"status": "affected",
"version": "2.0(9c)"
},
{
"status": "affected",
"version": "2.0(4c)1"
},
{
"status": "affected",
"version": "3.0(1c)"
},
{
"status": "affected",
"version": "2.0(8e)"
},
{
"status": "affected",
"version": "2.0(9e)"
},
{
"status": "affected",
"version": "2.0(9p)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "3.0(4i)"
},
{
"status": "affected",
"version": "2.0(10k)"
},
{
"status": "affected",
"version": "3.0(4o)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "3.0(4p)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "3.0(4q)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "3.0(4r)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "3.0(4s)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "2.02"
},
{
"status": "affected",
"version": "4.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.\r\nNote: The affected vKVM client is also included in Cisco UCS Manager."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:23:18.618Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-kvmsxss-6h7AnUyk"
}
],
"source": {
"advisory": "cisco-sa-ucs-kvmsxss-6h7AnUyk",
"defects": [
"CSCwm57433"
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20342",
"datePublished": "2025-08-27T16:23:18.618Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-08-27T17:38:30.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3371
Vulnerability from cvelistv5
Published
2020-11-06 18:16
Modified
2024-11-13 17:43
Severity ?
EPSS score ?
Summary
Cisco Integrated Management Controller Command Injection Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CIMC-CIV-pKDBe9x5 | vendor-advisory, x_refsource_CISCO |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20201104 Cisco Integrated Management Controller Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CIMC-CIV-pKDBe9x5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:22:30.699710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:43:50.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T18:16:08",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20201104 Cisco Integrated Management Controller Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CIMC-CIV-pKDBe9x5"
}
],
"source": {
"advisory": "cisco-sa-CIMC-CIV-pKDBe9x5",
"defect": [
[
"CSCvf61055",
"CSCvv12621"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-11-04T16:00:00",
"ID": "CVE-2020-3371",
"STATE": "PUBLIC",
"TITLE": "Cisco Integrated Management Controller Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Computing System (Standalone)",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20201104 Cisco Integrated Management Controller Command Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CIMC-CIV-pKDBe9x5"
}
]
},
"source": {
"advisory": "cisco-sa-CIMC-CIV-pKDBe9x5",
"defect": [
[
"CSCvf61055",
"CSCvv12621"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3371",
"datePublished": "2020-11-06T18:16:08.371625Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T17:43:50.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}