Critical Vulnerability Information

Vulnerability Overview

- CVE ID: CVE-2017-6748
- Severity: High
- CVSS Score: 9.3
- Release Date: July 26, 2017
- Update Date: July 26, 2017

Vulnerability Description

Cisco Integrated Management Controller Virtual Keyboard Video Monitor Open Redirect Vulnerability. Attackers can exploit this vulnerability by sending specially crafted URLs to affected devices, potentially leading to redirection to malicious websites or unauthorized system control.

Affected Products

- Cisco UCS Director Edge Plus (UCSDEP) version 1.5(1e) and earlier
- Cisco UCS Director Express (UCSDX) version 1.5(1e) and earlier
- Cisco UCS Director (UCSD) version 6.7(1f) and earlier
- Cisco UCS Director (UCSD) version 6.7(1g) and earlier
- Cisco UCS Director (UCSD) version 6.7(1h) and earlier

Remediation and Fix

Upgrade to the following versions to resolve the vulnerability:

- UCS Director Edge Plus: 1.5(1f) and later
- UCS Director Express: 1.5(1f) and later
- UCS Director: 6.7(1i) and later

Workarounds

Apply patch updates to affected systems. If immediate patching is not feasible, implement temporary mitigations such as restricting access to affected systems.

Announcements and Public Statements

Cisco has disclosed information about this vulnerability through various public communication channels.

Source

This vulnerability was discovered through internal security testing.

These details provide critical information about the vulnerability, including its severity, affected products, remediation steps, announcements, and source.
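An added triage example, not part of the original advisory and not Cisco code: it checks an inventory of installed releases against the fixed versions listed under Remediation and Fix. It assumes release strings have the form `major.minor(maintenance + optional letter)` and sort numerically, then alphabetically by letter; the host names and inventory rows are constructed.

```python
import re

# Fixed releases, taken from the "Remediation and Fix" list in the advisory text.
FIXED = {
    "UCS Director Edge Plus": "1.5(1f)",
    "UCS Director Express": "1.5(1f)",
    "UCS Director": "6.7(1i)",
}

# Assumed release format: 6.7(1h) -> major=6, minor=7, maintenance=1, letter=h
_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]?)\)\s*$", re.IGNORECASE)


def parse_release(text):
    """Turn '6.7(1h)' into a tuple that compares in release order."""
    m = _RELEASE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, letter = m.groups()
    return (int(major), int(minor), int(maint), letter.lower())


def is_affected(product, release):
    """True when the installed release is older than the first fixed release."""
    if product not in FIXED:
        raise KeyError(f"product not covered by this advisory: {product}")
    return parse_release(release) < parse_release(FIXED[product])


def triage(inventory):
    """Label each (host, product, release) row AFFECTED, fixed or unknown."""
    results = []
    for host, product, release in inventory:
        try:
            status = "AFFECTED" if is_affected(product, release) else "fixed"
        except (KeyError, ValueError):
            status = "unknown"  # unparsable release or unlisted product: review by hand
        results.append((host, product, release, status))
    return results


# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    ("ucsd-01.example.internal", "UCS Director", "6.7(1h)"),
    ("ucsd-02.example.internal", "UCS Director", "6.7(1i)"),
    ("ucsdx-01.example.internal", "UCS Director Express", "1.5(1e)"),
    ("ucsdep-01.example.internal", "UCS Director Edge Plus", "1.5-beta"),
]

if __name__ == "__main__":
    for host, product, release, status in triage(INVENTORY):
        print(f"{host:28} {product:24} {release:10} {status}")
```

Rows reported as `unknown` are not cleared; they need a manual check against the advisory.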