Cisco has fastened a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on weak programs.
Tracked as CVE-2024-20469, the safety flaw was present in Cisco’s Identification Companies Engine (ISE) resolution, an identity-based community entry management and coverage enforcement software program that allows community gadget administration and endpoint entry management in enterprise environments.
This OS command injection vulnerability is brought on by inadequate validation of user-supplied enter. Native attackers can exploit this weak spot by submitting maliciously crafted CLI instructions in low-complexity assaults that do not require consumer interplay.
Nevertheless, as Cisco explains, risk actors can solely exploit this flaw efficiently in the event that they have already got Administrator privileges on unpatched programs.
“A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root,” the corporate warned in a safety advisory printed on Wednesday.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.”
| Cisco ISE Launch | First Mounted Launch |
|---|---|
| 3.1 and earlier | Not affected |
| 3.2 | 3.2P7 (Sep 2024) |
| 3.3 | 3.3P4 (Oct 2024) |
| 3.4 | Not affected |
Thus far, the corporate has but to find proof of attackers exploiting this safety vulnerability within the wild.
Cisco additionally warned clients immediately that it eliminated a backdoor account in its Sensible Licensing Utility Home windows software program that attackers can use to log into unpatched programs with administrative privileges.
In April, it launched safety patches for an Built-in Administration Controller (IMC) vulnerability (CVE-2024-20295) with publicly accessible exploit code that additionally permits native attackers to escalate privileges to root.
One other crucial flaw (CVE-2024-20401), which lets risk actors add rogue root customers and completely crash Safety Electronic mail Gateway (SEG) home equipment by way of malicious emails, was patched final month.
The identical week, it warned of a maximum-severity vulnerability that lets attackers change any consumer password on weak Cisco Sensible Software program Supervisor On-Prem (Cisco SSM On-Prem) license servers, together with directors.
