Cisco reports high-severity flaw in Integrated Management Controller, exploit PoC published
Take action: This is not an urgent patch. An exploit is available, but the attack requires authenticated credentials. First, advise the admins of your Cisco Integrated Management Controller to be very mindful of password management, phishing and social engineering, because the attack vector will include their credentials. Then plan to apply the patch in a regular patching cycle.
Cisco is reporting a high-severity vulnerability tracked as CVE-2024-20295 (CVSS score 8.8), affecting the command-line interface of the Cisco Integrated Management Controller (IMC).
The vulnerability could enable an authenticated local attacker, with at least read-only privileges, to perform command injection attacks, potentially leading to root-level privileges on the underlying operating system. Although there has been no reported malicious use, proof-of-concept exploit code has been made public, increasing the risk of exploitation.
The affected products are primarily Cisco devices running specific versions of the IMC in a default configuration. The advisory page provides a detailed list of affected devices, including:
- UCS C-Series Rack Servers in standalone mode,
- UCS E-Series Servers,
- 5000 Series Enterprise Network Compute Systems, and
- Catalyst 8300 Series Edge uCPE.
Additionally, any Cisco products based on a preconfigured version of a Cisco UCS C-Series Server, which expose access to the Cisco IMC CLI, could also be vulnerable.
Products that remain unaffected are:
- UCS B-Series Blade Servers,
- UCS C-Series Rack Servers managed by Cisco UCS Manager,
- UCS S-Series Storage Servers, and
- UCS X-Series Modular Systems.
Cisco advises customers to apply the patches provided, as there are no available workarounds.