Cisco on Wednesday announced patches for a high-severity Integrated Management Controller (IMC) vulnerability for which proof-of-concept (PoC) code has been published.
The issue, tracked as CVE-2024-20295 (CVSS score of 8.8), impacts the command line interface (CLI) of IMC and allows a local attacker who has read-only or higher privileges to inject arbitrary commands on the underlying operating system and gain root privileges.
“This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root,” Cisco explains in its advisory.
Impacted products include Cisco’s 5000 series Enterprise Network Compute Systems (ENCS), Catalyst 8300 series Edge uCPE, UCS C-Series rack servers in standalone mode, and UCS E-Series servers.
The issue also affects applications based on a pre-configured version of UCS C-Series servers that expose access to the IMC CLI, including Secure Email Gateways, Secure Email and Web Manager, Prime Infrastructure appliances, Secure Web appliances, and various other Cisco security appliances.
According to Cisco, PoC code exploiting CVE-2024-20295 is available publicly, but the bug does not appear to be exploited in the wild.
On Wednesday, the tech giant also patched CVE-2024-20356, a different high-severity flaw in IMC that could allow a remote attacker logged in to an administrator account to inject commands and gain root privileges.
The issue affects 5000 series ENCS, Catalyst 8300 series Edge uCPE, UCS C-Series M5, M6, and M7 rack servers in standalone mode, UCS E-Series servers, UCS S-Series storage servers in standalone mode, and appliances based on a preconfigured version of Cisco UCS C-Series servers that expose access to the IMC UI.
Also on Wednesday, the tech giant patched a medium-severity bug (CVE-2024-20373) in IOS and IOS XE software that could be exploited remotely, without authentication, to perform SNMP polling of an affected device.
Cisco says it is not aware of either CVE-2024-20356 or CVE-2024-20373 being exploited in attacks.
Users are advised to update their Cisco appliances as soon as possible. Attackers are known to have exploited Cisco vulnerabilities for which patches have been released.
Additional information on the resolved flaws can be found on Cisco’s security advisories page.