Cisco warns of a privilege escalation flaw in its IMC

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which proof-of-concept (PoC) exploit code is publicly available. The company says it is aware of the public exploit for this issue. The PoC exploit code allows a local attacker to elevate privileges to root.
The Cisco Integrated Management Controller (IMC) is a baseboard management controller (BMC) that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers. The vulnerability tracked as CVE-2024-20295 is located in the command-line interface of the Cisco Integrated Management Controller (IMC).
The IT giant reported that to exploit this vulnerability, an attacker only needs read privileges or higher on the affected device. "This vulnerability is caused by insufficient validation of user-provided data. An attacker can exploit this vulnerability by presenting a crafted CLI command. Successful exploitation may allow the attacker to escalate privileges to root," the statement said.
The vulnerability affects the following products if they run a vulnerable version of Cisco IMC in the default configuration:
- 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series Rack Servers in standalone mode
- UCS E-Series Servers
Cisco devices that are based on a preconfigured version of the UCS C-Series server are also affected by this flaw if they expose access to the IMC CLI. The company states that there are no workarounds for this vulnerability. Cisco PSIRT is aware that exploit code for the vulnerability is publicly available, but it is not aware of any attacks in the wild using it.