Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root.
Cisco IMC is a baseboard management controller for managing UCS C-Series Rack and UCS S-Series Storage servers through multiple interfaces, including the XML API, the web interface (WebUI), and the command-line interface (CLI).
“A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root,” the company explains.
“To exploit this vulnerability, the attacker must have read-only or greater privileges on an affected device.”
Tracked as CVE-2024-20295, this security flaw is caused by insufficient validation of user-supplied input, a weakness that can be exploited using crafted CLI commands as part of low-complexity attacks. Because only read-only credentials are required, any low-privileged IMC account is enough to reach root on the underlying operating system.
The vulnerability affects the following Cisco devices running vulnerable IMC versions in default configurations:
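As an added illustration of the bug class the advisory describes (example code written for this edit, not Cisco's IMC code; the `ping` sub-command, the hostname allow-list and the use of `echo` as a stand-in for the real binary are all assumptions), here is a restricted management CLI that interpolates an operator-supplied argument into a shell string, beside the hardened form that validates the argument against an allow-list and passes it as a discrete argv element so no shell ever parses it:

```python
import re
import subprocess

# Constructed example: a restricted management CLI exposes "ping <host>" to
# operators. A BMC CLI handler of this kind runs with root privileges (that is
# what makes the advisory's command injection a root escalation), so anything
# the shell executes here runs as root too.
# "echo" stands in for the real ping binary so the example runs offline.


def run_ping_vulnerable(host: str) -> str:
    """Vulnerable: the host string is spliced into a shell command line without
    validation, so shell metacharacters (; | && $() `...`) in 'host' become
    additional commands executed by /bin/sh."""
    cmd = f"echo ping -c 1 {host}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


# Allow-list of what a hostname or IP literal may contain (assumed policy).
# Spaces, ';', '$', '`', '|', '(', ')' and friends are all outside this set.
HOST_RE = re.compile(r"[A-Za-z0-9.:\-\[\]]{1,253}")


def run_ping_hardened(host: str) -> str:
    """Hardened: reject anything outside the allow-list, then pass the value as
    its own argv element with shell=False so it is never shell-parsed."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    argv = ["echo", "ping", "-c", "1", host]
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return result.stdout


def hardened_rejects(host: str) -> bool:
    """True if the hardened handler refuses the argument."""
    try:
        run_ping_hardened(host)
    except ValueError:
        return True
    return False


def injection_succeeded(output: str, marker: str = "INJECTED") -> bool:
    """True if the marker appears on its own output line, i.e. a second command
    actually ran rather than the marker merely being echoed as a literal."""
    return marker in output.splitlines()


if __name__ == "__main__":
    # Crafted argument, constructed for this example: a valid host followed by
    # a command separator and a second command.
    payload = "10.0.0.1; echo INJECTED"
    print("vulnerable ->", repr(run_ping_vulnerable(payload)))
    print("hardened rejects ->", hardened_rejects(payload))
    print("hardened legit ->", repr(run_ping_hardened("10.0.0.1")))
```

Both layers matter: the allow-list stops the crafted argument at the CLI boundary, and `shell=False` with an argv list means that even an argument that slipped past validation would reach the binary as a single literal argument rather than as a second command.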
- 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series Rack Servers in standalone mode
- UCS E-Series Servers
However, it also exposes a long list of other products to attacks if they are configured to provide access to the vulnerable Cisco IMC CLI, so administrators of those products should check whether IMC CLI access is enabled rather than rely on the default-configuration list above.
Cisco's Product Security Incident Response Team (PSIRT) also warned in today's advisory that proof-of-concept exploit code is already available, but fortunately, threat actors have yet to start targeting the vulnerability in attacks.
In October, the company released security patches for two zero-days, which were used to breach over 50,000 IOS XE devices within a week.
Attackers also exploited a second IOS and IOS XE zero-day last year, allowing them to hijack vulnerable devices via remote code execution.
More recently, Cisco warned of a large-scale and ongoing credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices, after urging customers to mitigate password-spraying attacks against Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.