Cisco Reveals High-Severity IMC Vulnerability with Available Public Exploit Code

April 17, 2024

Cisco has announced patches for a high-risk vulnerability in its Integrated Management Controller (IMC), which could allow local attackers to escalate their privileges to root level. The IMC is a baseboard management controller that is used to manage UCS C-Series Rack and UCS S-Series Storage servers through various interfaces, including the XML API, WebUI, and CLI.

The company explained that a vulnerability in the CLI of the Cisco IMC could enable an authenticated, local attacker to launch command injection attacks on the underlying operating system and elevate their privileges to root level. To take advantage of this vulnerability, the attacker would need read-only or higher privileges on an affected device.

The security flaw, identified as CVE-2024-20295, arises from insufficient validation of user-supplied input. It can be exploited with crafted CLI commands in low-complexity attacks. The vulnerability affects certain Cisco devices running vulnerable IMC versions in their default configurations. It also exposes a large number of other products to attack if they are configured to provide access to the vulnerable Cisco IMC CLI.

Cisco's Product Security Incident Response Team (PSIRT) also cautioned in the advisory released today that proof-of-concept exploit code is already available. Fortunately, threat actors have not yet begun targeting the vulnerability in their attacks.

In October, the company released security patches for two zero-days, which were used to compromise more than 50,000 IOS XE devices within a week. Attackers also took advantage of a second IOS and IOS XE zero-day last year, enabling them to take over vulnerable devices through remote code execution. More recently, Cisco alerted customers to a widespread and ongoing brute-force attack on VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices after advising customers to mitigate password-spraying attacks against Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.
