Cisco UCS Virtual Keyboard Video Monitor (vKVM) Open Redirect Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

指向未可信站点的URL重定向(开放重定向)

Cisco Integrated Management Controller 输入验证错误漏洞

Cisco Integrated Management Controller（IMC）是美国思科（Cisco）公司的一套用于对UCS（统一计算系统）进行管理的软件。该软件支持HTTP、SSH访问等，并可对服务器进行开机、关机和重启等操作。 Cisco Integrated Management Controller存在输入验证错误漏洞，该漏洞源于vKVM端点验证不足，可能导致重定向攻击。

N/A

N/A