Cisco IMC CLI Vulnerability Could Lead to Privilege Elevation

Summary

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

News Articles

meterpreter.org

CVE-2024-20295

Vulnerability • InfoTech & InfoSec News

CVE-2024-20295: Cisco Integrated Management Controller CLI Command Injection VulnerabilityCisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows...

8 months ago

TechTarget

CVE-2024-20295

Cisco discloses high-severity vulnerability, PoC available | TechTa...

Cisco published a security advisory for the vulnerability tracked as CVE-2024-20295 and urged users to upgrade to fixed versions.

8 months ago

ÇözümPark

CVE-2024-20295

Cisco'dan Kritik Zafiyet Uyarısı! - ÇözümPark

Cisco, Integrated Management Controller (IMC)’da tespit edilen ve saldırganlara root yetkiler sağlayan kritik zafiyet için güncelleme yayınlandı. İşin en kötü tarafı zafiyete ait exploit’in public olarak yayınlanmış olması. CVE-2024-20295 olarak izlenen versayılan yapılandırmalarda zafiyet aşağıdaki...

8 months ago

References