HACKERS GAIN ADMIN ACCESS IN CISCO IMC

Cisco has released updates to address a serious vulnerability in its integrated control controllers that could allow local attackers to elevate their privileges to the administrator level.

“The vulnerability in the command line Cisco Integrated Management Controller (IMC) can enable a local authorized attacker to execute attacks using the command line in the base operating system and escalate privileges to ROOT” – explained the company.

The issue, identified as CVE-2024-20295, is caused by insufficient verification of user-entered data. This allows for the execution of specially crafted commands for low complexity attacks.

The affected devices include Cisco servers from the following series:

  • 5000 Series Enterprise Network Compute Systems (ENCS);
  • Catalyst 8300 Series Edge Ucpe;
  • UCS C-Series servers in standalone mode;
  • UCS E-Series servers.

Cisco’s Product Security Incident Response Team (PSIRT) has issued a warning about the security incidents in their products, indicating that Proof of Concept (POC) exploits are usually categorized by the type of vulnerability they exploit, whether they are local or remote, and the outcome of the exploit (e.g., EOP, DOS, Spulping). One such method for zero-day exploitation is through an Exploit-As-A-Service scheme.

/Reports, release notes, official announcements.