CNNVD-202508-3211 Information
CNNVD ID
CNNVD-202508-3211
Related CVE
- CNNVD Published: 2025-08-27
Description (Chinese)
Cisco Integrated Management Controller(IMC)是美国思科(Cisco)公司的一套用于对UCS(统一计算系统)进行管理的软件。该软件支持HTTP、SSH访问等,并可对服务器进行开机、关机和重启等操作。 Cisco Integrated Management Controller存在输入验证错误漏洞,该漏洞源于vKVM端点验证不足,可能导致重定向攻击。
Description (English)
Cisco Integrated Management Contractor (IMC) is a software package used by Cisco to manage UCS. The software supports HTTP, SSH access, etc., and allows server access, shutdown and restart. Cisco Integrated Management Contractors has an input validation error loophole, which is the result of inadequate endpoint verification of vKVM and may lead to a redirectional attack.
Hazard Level
Medium
Vulnerability Type
输入验证错误
Affected Vendor
Citadel
Published
2025-08-27
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-vkvmorv-CnKrV7HK https://nvd.nist.gov/vuln/detail/CVE-2025-20317