What is the vulnerability ID of this Cisco vulnerability?

The vulnerability ID is CVE-2021-1397.

What is the severity level of CVE-2021-1397?

The severity level of CVE-2021-1397 is medium.

Which software is affected by CVE-2021-1397?

The affected software includes Cisco Integrated Management Controller (IMC) Software, Cisco UCS Manager, and Cisco Encs 5100 Firmware.

How does the vulnerability in CVE-2021-1397 occur?

The vulnerability occurs due to improper input validation of the parameters in an HTTP request in the web-based management interface of Cisco Integrated Management Controller (IMC) Software.

Is there a fix available for CVE-2021-1397?

Yes, Cisco has released software updates to address the vulnerability. Please refer to the reference link for more information.

Vulnerability/
CVE-2021-1397

medium

6.1

CWE

601 20

5/5/2021

3/8/2024

CVE-2021-1397: Cisco Integrated Management Controller Open Redirect Vulnerability

First published: Wed May 05 2021(Updated: )

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Integrated Management Controller	<3.2\(12.4\)
Cisco UCS Manager	<=4.1\(3b\)
Cisco Encs 5100 Firmware	<=4.4.2
Cisco Encs 5100
Cisco Encs 5400 Firmware	<=4.4.2
Cisco Encs 5400
Cisco C220 M6 Firmware	<=4.1\(2f\)
Cisco C220 M6
Cisco C225 M6 Firmware	<=4.1\(2f\)
Cisco C225 M6
Cisco C240 M6 Firmware	<=4.1\(2f\)
Cisco C240 M6
Cisco C245 M6 Firmware	<=4.1\(2f\)
Cisco C245 M6
Cisco C125 M5 Firmware	<=4.1\(2f\)
Cisco C125 M5
Cisco C220 M5 Firmware	<=4.1\(2f\)
Cisco C220 M5
Cisco C240 M5 Firmware	<=4.1\(2f\)
Cisco C240 M5
Cisco C480 M5 Firmware	<=4.1\(2f\)
Cisco C480 M5
Cisco C480 Ml M5 Firmware	<=4.1\(2f\)
Cisco C480 Ml M5
Cisco Ucs-e140s Firmware	<=3.2\(11.5\)
Cisco Ucs-e140s
Cisco Ucs-e140d Firmware	<=3.2\(11.5\)
Cisco Ucs-e140d
Cisco Ucs-e160d Firmware	<=3.2\(11.5\)
Cisco Ucs-e160d
Cisco Ucs-e160s-m3 Firmware	<=3.2\(11.5\)
Cisco Ucs-e160s-m3
Cisco Ucs-e180d-m3 Firmware	<=3.2\(11.5\)
Cisco Ucs-e180d-m3
Cisco Ucs-e1120d-m3 Firmware	<=3.2\(11.5\)
Cisco Ucs-e1120d-m3
Cisco Ucs-e140s-m2 Firmware	<=3.2\(11.5\)
Cisco Ucs-e140s-m2
Cisco Ucs-e180d-m2 Firmware	<=3.2\(11.5\)
Cisco Ucs-e180d-m2
Cisco Ucs-e140s-m1 Firmware	<=3.2\(11.5\)
Cisco Ucs-e140s-m1
Cisco Ucs-e140dp Firmware	<=3.2\(11.5\)
Cisco Ucs-e140dp
Cisco Ucs-e160dp-m1 Firmware	<=3.2\(11.5\)
Cisco Ucs-e160dp-m1
Cisco Ucs S3260 Firmware	<=4.0\(2o\)
Cisco Ucs S3260

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2

Frequently Asked Questions

What is the vulnerability ID of this Cisco vulnerability?
The vulnerability ID is CVE-2021-1397.
What is the severity level of CVE-2021-1397?
The severity level of CVE-2021-1397 is medium.
Which software is affected by CVE-2021-1397?
The affected software includes Cisco Integrated Management Controller (IMC) Software, Cisco UCS Manager, and Cisco Encs 5100 Firmware.
How does the vulnerability in CVE-2021-1397 occur?
The vulnerability occurs due to improper input validation of the parameters in an HTTP request in the web-based management interface of Cisco Integrated Management Controller (IMC) Software.
Is there a fix available for CVE-2021-1397?
Yes, Cisco has released software updates to address the vulnerability. Please refer to the reference link for more information.

agent/type
collector/nvd-index
agent/software-canonical-lookup-request
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/title
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/tags
agent/author
agent/description
agent/first-publish-date
agent/event
vendor/cisco
canonical/cisco integrated management controller
canonical/cisco ucs manager
version/cisco ucs manager/4.1\(3b\)
canonical/cisco encs 5100 firmware
version/cisco encs 5100 firmware/4.4.2
canonical/cisco encs 5100
canonical/cisco encs 5400 firmware
version/cisco encs 5400 firmware/4.4.2
canonical/cisco encs 5400
canonical/cisco c220 m6 firmware
version/cisco c220 m6 firmware/4.1\(2f\)
canonical/cisco c220 m6
canonical/cisco c225 m6 firmware
version/cisco c225 m6 firmware/4.1\(2f\)
canonical/cisco c225 m6
canonical/cisco c240 m6 firmware
version/cisco c240 m6 firmware/4.1\(2f\)
canonical/cisco c240 m6
canonical/cisco c245 m6 firmware
version/cisco c245 m6 firmware/4.1\(2f\)
canonical/cisco c245 m6
canonical/cisco c125 m5 firmware
version/cisco c125 m5 firmware/4.1\(2f\)
canonical/cisco c125 m5
canonical/cisco c220 m5 firmware
version/cisco c220 m5 firmware/4.1\(2f\)
canonical/cisco c220 m5
canonical/cisco c240 m5 firmware
version/cisco c240 m5 firmware/4.1\(2f\)
canonical/cisco c240 m5
canonical/cisco c480 m5 firmware
version/cisco c480 m5 firmware/4.1\(2f\)
canonical/cisco c480 m5
canonical/cisco c480 ml m5 firmware
version/cisco c480 ml m5 firmware/4.1\(2f\)
canonical/cisco c480 ml m5
canonical/cisco ucs-e140s firmware
version/cisco ucs-e140s firmware/3.2\(11.5\)
canonical/cisco ucs-e140s
canonical/cisco ucs-e140d firmware
version/cisco ucs-e140d firmware/3.2\(11.5\)
canonical/cisco ucs-e140d
canonical/cisco ucs-e160d firmware
version/cisco ucs-e160d firmware/3.2\(11.5\)
canonical/cisco ucs-e160d
canonical/cisco ucs-e160s-m3 firmware
version/cisco ucs-e160s-m3 firmware/3.2\(11.5\)
canonical/cisco ucs-e160s-m3
canonical/cisco ucs-e180d-m3 firmware
version/cisco ucs-e180d-m3 firmware/3.2\(11.5\)
canonical/cisco ucs-e180d-m3
canonical/cisco ucs-e1120d-m3 firmware
version/cisco ucs-e1120d-m3 firmware/3.2\(11.5\)
canonical/cisco ucs-e1120d-m3
canonical/cisco ucs-e140s-m2 firmware
version/cisco ucs-e140s-m2 firmware/3.2\(11.5\)
canonical/cisco ucs-e140s-m2
canonical/cisco ucs-e180d-m2 firmware
version/cisco ucs-e180d-m2 firmware/3.2\(11.5\)
canonical/cisco ucs-e180d-m2
canonical/cisco ucs-e140s-m1 firmware
version/cisco ucs-e140s-m1 firmware/3.2\(11.5\)
canonical/cisco ucs-e140s-m1
canonical/cisco ucs-e140dp firmware
version/cisco ucs-e140dp firmware/3.2\(11.5\)
canonical/cisco ucs-e140dp
canonical/cisco ucs-e160dp-m1 firmware
version/cisco ucs-e160dp-m1 firmware/3.2\(11.5\)
canonical/cisco ucs-e160dp-m1
canonical/cisco ucs s3260 firmware
version/cisco ucs s3260 firmware/4.0\(2o\)
canonical/cisco ucs s3260