Cisco Integrated Management Controller
cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*
- <= 4.2
- <= 3.2
- <= 4.15
A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Integrated Management Controller (IMC) across various products, including UCS C-Series Rack Servers, UCS E-Series Servers, and several Cisco appliances based on UCS C-Series Servers. This vulnerability allows an authenticated, remote attacker with administrative privileges to execute arbitrary script code in the browser of the targeted user or to access sensitive, browser-based information. The issue arises from insufficient validation of user-supplied input by the interface; an attacker could exploit it by persuading a user of the interface to click a crafted link.
Exploitation of this vulnerability could lead to stored cross-site scripting, allowing an attacker to execute scripts in the context of the user's session.
Cisco has released software updates to address this vulnerability. For Cisco 5000 Series ENCS and Catalyst 8300 Series Edge uCPE, IMC can be upgraded as part of the firmware auto-upgrade process. For UCS C-Series M5 and M6 Rack Servers, the first fixed releases are 4.3(2.260007) and 6.0(2.260044), respectively. UCS E-Series Servers M3 and M6 have fixed releases available as well. Instructions for upgrading can be found in the Cisco Host Upgrade Utility User Guide.