Summary: Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) that allows a local attacker to escalate privileges to root. A public exploit code for this issue is available.
Threat Actor: N/A
Victim: Cisco | Cisco
Key Point:
- A high-severity vulnerability in Cisco IMC allows a local attacker to escalate privileges to root.
- The vulnerability resides in the CLI of the Cisco IMC and can be exploited by a local, authenticated attacker.
- The flaw impacts various Cisco products running a vulnerable release of Cisco IMC in the default configuration.
- No workarounds are available to solve this vulnerability.
- Proof-of-concept exploit code is available, but no attacks exploiting the vulnerability have been reported.
Cisco has addressed a high-severity Integrated Management Controller (IMC) vulnerability and is aware of a public exploit code for this issue. The PoC exploit code allows a local attacker to escalate privileges to root.
Cisco Integrated Management Controller (IMC) is a baseboard management controller (BMC) that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers.
The vulnerability, tracked as CVE-2024-20295, resides in the CLI of the Cisco Integrated Management Controller (IMC). A local, authenticated attacker can exploit the vulnerability to conduct command injection attacks on the underlying operating system and elevate privileges to root. The IT giant reported that to exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.
“This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.” reads the advisory.
The flaw impacts the following products if they are running a vulnerable release of Cisco IMC in the default configuration:
- 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series Rack Servers in standalone mode
- UCS E-Series Servers
The IT giant devices that are based on a preconfigured version of a UCS C-Series Server are also impacted by this flaw if they expose access to the IMC CLI.
The company states that there are no workarounds to solve this vulnerability.
The Cisco PSIRT is aware that proof-of-concept exploit code is available for this vulnerability, however it is not aware of attacks in the wild exploiting it.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, PoC exploit)
Source: https://securityaffairs.com/161975/hacking/cisco-integrated-management-controller-bug.html
“An interesting youtube video that may be related to the article above”