Posts for: #Cisco Unified Computing System (Standalone)

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Stored Cross-Site Scripting Vulnerability

#Cisco  #Cisco Unified Computing System (Managed)  #Cisco Unified Computing System (Standalone)  #Cisco Unified Computing System E-Series Software (UCSE) 
🚨 SEVERITY: MEDIUM β€” CVSS 5.4 Security Advisory

TL;DR πŸ“Œ

A stored cross-site scripting (XSS) vulnerability has been identified in the Cisco Integrated Management Controller’s Virtual Keyboard Video Monitor (vKVM). This medium-severity issue allows authenticated attackers to execute arbitrary scripts in the context of the affected interface. Cisco has released software updates to address this vulnerability, but no workarounds are available.

What happened πŸ•΅οΈβ€β™‚οΈ

A vulnerability in the vKVM connection handling of Cisco’s Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored XSS attack. This vulnerability arises from insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this by injecting malicious code into specific data fields, potentially executing arbitrary script code or accessing sensitive browser-based information.

[]

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability

#Cisco  #Cisco Unified Computing System (Managed)  #Cisco Unified Computing System (Standalone)  #Cisco Unified Computing System E-Series Software (UCSE) 
🚨 SEVERITY: HIGH β€” CVSS 7.1 Security Advisory

TL;DR πŸ“Œ

A high-severity vulnerability has been identified in the Cisco Integrated Management Controller (IMC) Virtual Keyboard Video Monitor (vKVM). This vulnerability allows unauthenticated remote attackers to redirect users to malicious websites, potentially capturing sensitive information. Cisco has released software updates to address this issue, and there are no workarounds available.

What happened πŸ•΅οΈβ€β™‚οΈ

A vulnerability in the vKVM connection handling of Cisco IMC could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability arises from insufficient verification of vKVM endpoints. Attackers can exploit this by persuading users to click on crafted links, leading to potential credential capture.

[]

Cisco Integrated Management Controller Privilege Escalation Vulnerability

#Cisco  #Cisco Unified Computing System (Managed)  #Cisco Unified Computing System (Standalone) 
🚨 SEVERITY: HIGH β€” CVSS 8.8 Security Advisory

TL;DR πŸ“Œ

  • A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this…
  • No fixed release listed yet; apply mitigations and monitor.
  • Workarounds are documented in the advisory.
  • CVEs: CVE-2025-20261.

What happened πŸ•΅οΈβ€β™‚οΈ

A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges.

[]