VDB
CVE-2021-1397
CVE-2021-1397
PUBLISHED
CVSS 4.699999809265137 MEDIUM
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.
EPSS 0.18% · 39.4th percentile
Risk Scores
CVSS 3.1
4.699999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
EPSS Score
0.18%
39.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) | * |
| cisco | c240_m5_firmware | 0 |
| cisco | ucs-e180d-m3_firmware | 0 |
| cisco | ucs-e1120d-m3_firmware | 0 |
| cisco | c480_ml_m5_firmware | 0 |
| cisco | ucs-e140s-m2_firmware | 0 |
| cisco | ucs-e140dp_firmware | 0 |
| cisco | ucs-e180d-m2_firmware | 0 |
| cisco | c220_m6_firmware | 0 |
| cisco | c240_m6_firmware | 0 |
| cisco | c125_m5_firmware | 0 |
| cisco | ucs_manager | 0 |
| cisco | ucs-e140d_firmware | 0, 0 |
| cisco | ucs-e140s_firmware | 0 |
| cisco | encs_5100_firmware | 0 |
| cisco | encs_5400_firmware | 0 |
| cisco | c220_m5_firmware | 0 |
| cisco | c245_m6_firmware | 0 |
| cisco | ucs-e140s-m1_firmware | 0 |
| cisco | ucs-e160s-m3_firmware | 0 |
…and 6 more
Exploit Intelligence
Timeline
- May 6, 2021 CVE Published
- May 7, 2021 EPSS Score
- Jul 10, 2021 EPSS Score
- Sep 10, 2021 EPSS Score
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 15, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 16, 2022 EPSS Score
- Jul 18, 2022 EPSS Score
- Sep 17, 2022 EPSS Score
- Nov 18, 2022 EPSS Score