Cisco IMC CLI Vulnerability Could Lead to Privilege Elevation
CVE-2024-20295
Summary
A vulnerability exists within the command-line interface (CLI) of Cisco's Integrated Management Controller (IMC) that could permit authenticated local users to conduct command injection attacks. This flaw arises from the lack of adequate validation for user-provided input. If successfully exploited, an attacker with read-only or elevated privileges could craft CLI commands that manipulate the underlying operating system, potentially leading to a compromise of root-level privileges. Organizations utilizing affected versions of Cisco IMC should evaluate their security configurations and apply necessary mitigations to prevent potential exploits.
Affected Version(s)
Cisco Unified Computing System (Standalone) 3.0(1c)
Cisco Unified Computing System (Standalone) 3.0(1d)
Cisco Unified Computing System (Standalone) 3.0(2b)
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
meterpreter.orgCVE-2024-20295Vulnerability • InfoTech & InfoSec News
CVE-2024-20295: Cisco Integrated Management Controller CLI Command Injection VulnerabilityCisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows...
10 months ago
Cisco discloses high-severity vulnerability, PoC available | TechTa...
Cisco published a security advisory for the vulnerability tracked as CVE-2024-20295 and urged users to upgrade to fixed versions.
10 months ago
ÇözümParkCVE-2024-20295Cisco'dan Kritik Zafiyet Uyarısı! - ÇözümPark
Cisco, Integrated Management Controller (IMC)’da tespit edilen ve saldırganlara root yetkiler sağlayan kritik zafiyet için güncelleme yayınlandı. İşin en kötü tarafı zafiyete ait exploit’in public olarak yayınlanmış olması. CVE-2024-20295 olarak izlenen versayılan yapılandırmalarda zafiyet aşağıdaki...
10 months ago
References
CVSS V3.1
Timeline
Vulnerability published
- 📰
First article discovered by ÇözümPark
Vulnerability Reserved