Cisco warns of a command injection flaw in its IMC that allows privilege escalation

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) and says it is aware that proof-of-concept (PoC) exploit code for the issue is publicly available. The PoC exploit code allows a local attacker to elevate privileges to root.

The Cisco Integrated Management Controller (IMC) is a baseboard management controller (BMC) that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers. The vulnerability, tracked as CVE-2024-20295, is in the command-line interface (CLI) of the IMC.

A local, authenticated attacker can exploit this vulnerability to perform command injection attacks on the underlying operating system and escalate privileges to root.

Cisco reported that to exploit this vulnerability, an attacker needs only read privileges or higher on the affected device. "This vulnerability is caused by insufficient validation of user-provided data. An attacker can exploit this vulnerability by presenting a crafted CLI command. Successful exploitation may allow the attacker to escalate privileges to root," the statement said.

The vulnerability affects the following products if they run a vulnerable version of Cisco IMC with default settings:

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series Rack Servers in standalone mode
  • UCS E-Series Servers

Cisco appliances that are based on a preconfigured version of a UCS C-Series server are also affected by this flaw if they expose access to the IMC CLI. The company says that there are no workarounds that address this vulnerability. Cisco PSIRT is aware that exploit code for the vulnerability is publicly available, but it is not aware of any attacks in the wild using it.
