Cisco IMC CLI Vulnerability Could Lead to Privilege Elevation
Key Information
- Vendor
- Cisco
- Status
- Cisco Unified Computing System (standalone)
- Cisco Unified Computing System E-series Software (ucse)
- Vendor
- CVE Published:
- 24 April 2024
Badges
Summary
A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
Affected Version(s)
Cisco Unified Computing System (Standalone) = 3.0(1c)
Cisco Unified Computing System (Standalone) = 3.0(1d)
Cisco Unified Computing System (Standalone) = 3.0(2b)
News Articles
meterpreter.org CVE-2024-20295Vulnerability • InfoTech & InfoSec News
CVE-2024-20295: Cisco Integrated Management Controller CLI Command Injection VulnerabilityCisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows...
5 months ago
Cisco discloses high-severity vulnerability, PoC available | TechTa...
Cisco published a security advisory for the vulnerability tracked as CVE-2024-20295 and urged users to upgrade to fixed versions.
5 months ago
ÇözümPark CVE-2024-20295Cisco'dan Kritik Zafiyet Uyarısı! - ÇözümPark
Cisco, Integrated Management Controller (IMC)’da tespit edilen ve saldırganlara root yetkiler sağlayan kritik zafiyet için güncelleme yayınlandı. İşin en kötü tarafı zafiyete ait exploit’in public olarak yayınlanmış olması. CVE-2024-20295 olarak izlenen versayılan yapılandırmalarda zafiyet aşağıdaki...
5 months ago
CVSS V3.1
Timeline
Vulnerability published.
First article discovered by ÇözümPark
Vulnerability Reserved.