Hacker exploits privilege escalation vulnerability in Cisco’s IMC, prompts patch fix

Cisco has released patches for a vulnerability in the Integrated Management Controller (IMC) for which an exploit is already publicly available. The issue allows local attackers to escalate their privileges to root.

Cisco IMC is a BMC (baseboard management controller) for managing UCS C-Series Rack and UCS S-Series Storage servers through various interfaces, including XML API, web interface and CLI.


The company explains that the vulnerability, tracked as CVE-2024-20295, allows an authenticated local attacker to perform command injection at the underlying OS level and escalate their privileges to root. The vulnerability is due to incorrect validation of user input and can be exploited using specially crafted CLI commands.

“To exploit this vulnerability, an attacker must have read-only or higher permissions on the affected device,” Cisco wrote.

The vulnerability affects the following Cisco devices when they run an affected version of IMC in the default configuration:

  • Enterprise Network Compute Systems (ENCS) 5000 series;
  • Catalyst 8300 Series Edge uCPE;
  • UCS C-Series Rack servers in standalone mode;
  • UCS E-series servers.

The Cisco PSIRT team warns that a PoC exploit for this issue is already publicly available, but says attackers have not yet begun exploiting the vulnerability in attacks.
















