Cisco warns of a command injection escalation flaw in its IMC


Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Pierluigi Paganini
April 18, 2024

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly available exploit code exists.

The proof-of-concept (PoC) exploit code allows a local attacker to escalate privileges to root.

Cisco Integrated Management Controller (IMC) is a baseboard management controller (BMC) that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers.

The vulnerability, tracked as CVE-2024-20295, resides in the CLI of the Cisco Integrated Management Controller (IMC). A local, authenticated attacker can exploit the vulnerability to conduct command injection attacks on the underlying operating system and elevate privileges to root. The IT giant reported that to exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.

“This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root,” reads the advisory.
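The bug class the advisory describes (user-supplied CLI input reaching the operating system without sufficient validation) is shown below as an added example; it is not code from Cisco, the advisory or the public PoC. The `ping` diagnostic handler, all function names and the sample inputs are hypothetical and constructed for illustration.

```python
import ipaddress
import shlex
import subprocess

# Constructed sample inputs (not taken from any real device or exploit).
BENIGN = "192.0.2.10"
CRAFTED = "192.0.2.10; id"

SHELL_OPERATOR_CHARS = "();<>|&"


def build_unsafe(target: str) -> str:
    """Vulnerable pattern: user text is pasted into a shell command line."""
    return f"ping -c 1 {target}"


def shell_operators(cmdline: str) -> list[str]:
    """List control operators a POSIX-style tokenizer finds in cmdline.

    Approximation for this demo: quoted operators are not distinguished.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return [t for t in lexer if t and all(c in SHELL_OPERATOR_CHARS for c in t)]


def build_argv(target: str) -> list[str]:
    """Hardened pattern: parse input into the expected type, then build argv.

    IPv4Address raises ValueError for anything that is not a dotted-quad
    literal, so the value cannot carry operators or begin with '-'.
    """
    addr = ipaddress.IPv4Address(target)
    return ["ping", "-c", "1", str(addr)]


def run_diagnostic(target: str) -> subprocess.CompletedProcess:
    """Run the diagnostic with an argv list; no shell parses the input."""
    return subprocess.run(build_argv(target), capture_output=True,
                          text=True, timeout=5, check=False)


if __name__ == "__main__":
    for sample in (BENIGN, CRAFTED):
        print(repr(sample), "unsafe operators:",
              shell_operators(build_unsafe(sample)))
        try:
            print("  hardened argv:", build_argv(sample))
        except ValueError as exc:
            print("  hardened handler rejected input:", exc)
```
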

The flaw impacts the following products if they are running a vulnerable release of Cisco IMC in the default configuration:

  • 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series Rack Servers in standalone mode
  • UCS E-Series Servers

Cisco devices that are based on a preconfigured version of a UCS C-Series Server are also impacted by this flaw if they expose access to the IMC CLI.

The company states that there are no workarounds that address this vulnerability.

The Cisco PSIRT is aware that proof-of-concept exploit code is available for this vulnerability; however, it is not aware of attacks in the wild exploiting it.
