Article Details
Scrape Timestamp (UTC): 2024-04-17 17:25:58.046
Original Article Text
Cisco discloses root escalation flaw with public exploit code.

Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root.

Cisco IMC is a baseboard management controller for managing UCS C-Series Rack and UCS S-Series Storage servers via multiple interfaces, including XML API, web (WebUI), and command-line (CLI) interfaces.

"A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root," the company explains. "To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device."

Tracked as CVE-2024-20295, this security flaw is caused by insufficient validation of user-supplied input, a weakness that can be exploited using crafted CLI commands as part of low-complexity attacks.

The vulnerability impacts the following Cisco devices running vulnerable IMC versions in default configurations:

However, it also exposes a long list of other products to attacks if they're configured to provide access to the vulnerable Cisco IMC CLI.

Cisco's Product Security Incident Response Team (PSIRT) also warned in today's advisory that proof-of-concept exploit code is already available, but luckily, threat actors have yet to start targeting the vulnerability in attacks.

In October, the company released security patches for two zero-days, which were used to breach over 50,000 IOS XE devices within a week. Attackers also exploited a second IOS and IOS XE zero-day last year, allowing them to hijack vulnerable devices via remote code execution.

More recently, Cisco warned of a large-scale and ongoing credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices after urging customers to mitigate password-spraying attacks against Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.
Daily Brief Summary
Cisco has patched a high-severity vulnerability in its Integrated Management Controller (IMC) that allowed local privilege escalation to root.
The flaw, designated CVE-2024-20295, stemmed from insufficient input validation in the CLI, permitting command injection attacks.
Public exploit code for the vulnerability is accessible, though there have been no reported incidents of exploitation by threat actors.
Affected devices include UCS C-Series Rack and UCS S-Series Storage servers utilizing vulnerable IMC versions in their default setups.
Cisco's Product Security Incident Response Team (PSIRT) highlighted the availability of the exploit code in their recent advisory.
Exploitation requires an authenticated, local attacker with read-only or higher privileges on an affected device; Cisco has released patches.
Historical context includes recent Cisco advisories on zero-day vulnerabilities exploited to attack over 50,000 devices and ongoing brute-force campaigns targeting network devices.