Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability
TL;DR π
A stored cross-site scripting (XSS) vulnerability has been identified in the Cisco Integrated Management Controller’s Virtual Keyboard Video Monitor (vKVM). This medium-severity issue allows authenticated attackers to execute arbitrary scripts in the context of the affected interface. Cisco has released software updates to address this vulnerability, but no workarounds are available.
What happened π΅οΈββοΈ
A vulnerability in the vKVM connection handling of Cisco’s Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored XSS attack. This vulnerability arises from insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this by injecting malicious code into specific data fields, potentially executing arbitrary script code or accessing sensitive browser-based information.
Affected products π₯οΈ
The following Cisco products are affected if they are running a vulnerable software release:
- Catalyst 8300 Series Edge uCPE
- Cisco UCS Manager Software
- UCS B-Series Blade Servers
- UCS C-Series M6, M7, and M8 Rack Servers
- UCS E-Series Servers M6
- UCS X-Series Modular System
Additionally, various Cisco appliances based on preconfigured versions of the UCS C-Series Servers are also affected.
Fixed software π§
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 4.18 and earlier | 4.18.1 | |
| 4.1 and earlier | Migrate to a fixed release. | |
| 4.2 | 4.2(3p) | |
| 4.3 | 4.3(6a) | |
| 6.0 | Not vulnerable. | |
| 4.2 | 4.2(3o) | |
| 4.3 | 4.3(5c) | |
| 4.2 | 4.2(3l) | |
| 5.1 | Migrate to a fixed release. | |
| 5.2 | Migrate to a fixed release. | |
| 5.3 | 5.3(0.250001) | |
| 5.4 | Not vulnerable. | |
| 5.0 | 5.0(4i) | |
| 4.3 | 4.3(5.250001) | |
| 4.15 and earlier | 4.15.2 | |
| 1.0 | Initial public release. |
Workarounds π§―
There are no workarounds available for this vulnerability.
Risk in context π―
The highest CVSS score for this vulnerability is 5.4, which is classified as Medium severity. The risk is primarily driven by the requirement for valid user credentials, which limits exposure to authenticated users. However, successful exploitation could lead to unauthorized access to sensitive information and potentially compromise the integrity of the affected systems.
Fast facts β‘
- Vulnerability Type: Stored Cross-Site Scripting (XSS)
- CVSS Score: 5.4 (Medium)
- Exploitation: Requires valid user credentials
- Workarounds: None available
- Fixed Software: Updates available for affected products
For leadership π§
This vulnerability poses a Medium risk (CVSS 5.4) primarily affecting authenticated users with low privileges. Although exploitation requires valid credentials, the potential for unauthorized access to sensitive information remains a concern. Immediate remediation is advisedβpatch affected systems within 7 days using the provided software updates.
- Now: Review affected products and prioritize patching.
- Next: Implement the recommended software updates.
- Later: Monitor for any signs of exploitation and conduct a security audit.
By addressing this vulnerability promptly, we can mitigate the risk of unauthorized access and protect sensitive data within our network infrastructure.