Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that may let local attackers escalate privileges to root.
Cisco IMC is a baseboard management controller for managing UCS C-Series Rack and UCS S-Series Storage servers through multiple interfaces, including XML API, web (WebUI), and command-line (CLI) interfaces.
“A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root,” the company explains.
“To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device.”
Tracked as CVE-2024-20295, this security flaw is caused by insufficient validation of user-supplied input, a weakness that can be exploited using crafted CLI commands as part of low-complexity attacks.
The vulnerability impacts the following Cisco devices running vulnerable IMC versions in default configurations:
- 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series Rack Servers in standalone mode
- UCS E-Series Servers
However, it also exposes a long list of other products to attacks if they’re configured to provide access to the vulnerable Cisco IMC CLI.
Cisco’s Product Security Incident Response Team (PSIRT) also warned in today’s advisory that proof-of-concept exploit code is already available, but fortunately, threat actors have yet to start targeting the vulnerability in attacks.
In October, the company released security patches for two zero-days, which were used to breach over 50,000 IOS XE devices within a week.
Attackers also exploited a second IOS and IOS XE zero-day last year, allowing them to hijack vulnerable devices via remote code execution.
More recently, Cisco warned of a large-scale and ongoing credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices after urging customers to mitigate password-spraying attacks against Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.