Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability

Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available.

Cisco on Wednesday announced patches for a high-severity Integrated Management Controller (IMC) vulnerability for which proof-of-concept (PoC) code has been published.

The issue, tracked as CVE-2024-20295 (CVSS score of 8.8) and impacting the command line interface (CLI) of IMC, allows a local attacker that has read-only or higher privileges to inject arbitrary commands on the underlying operating system and gain root privileges.

“This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root,” Cisco explains in its advisory.

Impacted products include Cisco’s 5000 series Enterprise Network Compute Systems (ENCS), Catalyst 8300 series Edge uCPE, UCS C-Series rack servers in standalone mode, and UCS E-Series servers.

The issue also affects applications based on a pre-configured version of UCS C-Series servers that expose access to the IMC CLI, including Secure Email Gateways, Secure Email and Web Manager, Prime Infrastructure appliances, Secure Web appliances, and various other Cisco security appliances.

According to Cisco, PoC code exploiting CVE-2024-20295 is available publicly, but the bug does not appear to be exploited in the wild.

On Wednesday, the tech giant also patched CVE-2024-20356, a different high-severity flaw in IMC that could allow a remote attacker logged in to an administrator account to inject commands and gain root privileges.

The issue affects 5000 series ENCS, Catalyst 8300 series Edge uCPE, UCS C-Series M5, M6, and M7 rack servers in standalone mode, UCS E-Series servers, UCS S-Series storage servers in standalone mode, and appliances based on a preconfigured version of Cisco UCS C-Series servers that expose access to the IMC UI.

Advertisement. Scroll to continue reading.

Also on Wednesday, the tech giant patched a medium-severity bug (CVE-2024-20373) in IOS and IOS XE software that could be exploited remotely, without authentication, to perform SNMP polling of an affected device.

Cisco says it is not aware of either CVE-2024-20356 or CVE-2024-20373 being exploited in attacks.

Users are advised to update their Cisco appliances as soon as possible. Attackers are known to have exploited Cisco vulnerabilities for which patches have been released.

Additional information on the resolved flaws can be found on Cisco’s security advisories page.

Related: Cisco Warns of Vulnerability in Discontinued Small Business Routers

Related: Cisco Patches DoS Vulnerabilities in Networking Products

Related: Cisco Patches High-Severity IOS RX Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights