LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

1 week ago 22
BOOK THIS SPACE FOR AD
ARTICLE AD

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists.

Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability and is aware of a public exploit code for this issue. The PoC exploit code allows a local attacker to escalate privileges to root.

Cisco Integrated Management Controller (IMC) is a baseboard management controller (BMC) that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers.

The vulnerability, tracked as CVE-2024-20295, resides in the CLI of the Cisco Integrated Management Controller (IMC). A local, authenticated attacker can exploit the vulnerability to conduct command injection attacks on the underlying operating system and elevate privileges to root. The IT giant reported that to exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.

“This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.” reads the advisory.

The flaw impacts the following products if they are running a vulnerable release of Cisco IMC in the default configuration:

5000 Series Enterprise Network Compute Systems (ENCS) Catalyst 8300 Series Edge uCPE UCS C-Series Rack Servers in standalone mode UCS E-Series Servers

The IT giant devices that are based on a preconfigured version of a UCS C-Series Server are also impacted by this flaw if they expose access to the IMC CLI. 

The company states that there are no workarounds to solve this vulnerability.

The Cisco PSIRT is aware that proof-of-concept exploit code is available for this vulnerability, however it is not aware of attacks in the wild exploiting it.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, PoC exploit)

Read Entire Article
  3. Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Related

CISA guidelines to protect critical infrastructure against AI-based threats

CISA guidelines to protect critical infrastructure against AI-based threats

NCSC: New UK law bans default passwords on smart devices

NCSC: New UK law bans default passwords on smart devices

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

The Los Angeles County Department of Health Services disclosed a data breach

The Los Angeles County Department of Health Services disclosed a data breach

Kaiser Permanente data breach may have impacted 13.4 million patients

Kaiser Permanente data breach may have impacted 13.4 million patients

Trending

1. Stock market holidays
2. MI बनाम LSG
3. IND W vs BAN W
4. Mayank Yadav
5. Covishield vaccine side effects
6. Pseb.ac.in
7. Raghav Chadha
8. HSBC CEO Noel Quinn
9. Bseh.org.in 2024 result
10. JAC 12th Result 2024

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved