If you use certain Cisco servers, firewalls or appliances, then you might be vulnerable to a new publicly disclosed security vulnerability that could allow attackers to take complete control of your system with root privileges.
Cisco recently disclosed a high-severity security flow (CVE-2024-20295) in Cisco command line interface of its Integrated Management Controller (IMC) firmware. This IMC software is used for configuring and managing many UCS server models as well as several other Cisco products.
Root Cause: Insufficient Input Validation Enables Full System Compromise
The cause of this critical vulnerability is the lack of proper input sanitization in the IMC command line interface. This allows an authenticated user, even with restricted read-only privileges, to inject malicious commands that are passed to the underlying operating system for execution. The attacker can exploit CVE-2024-20295 to achieve complete, unfettered root access on the vulnerable device.
If exploited, the tacker will able to view and manipulate any data, modify configurations, install persistent backdoors, and carry out any malicious actions they desire.
Affected Products
Affected Cisco products include UCS rack servers, some Catalyst switches, Wireless LAN controllers, security appliances like firewalls and email gateways, and even the server hardware that powers tools like Cisco DNA Center. Essentially, if the device exposes the vulnerable IMC command line, it’s likely susceptible.
What makes this even worse is that public exploit code for CVE-2024-20295 is already circulating online, Cisco says they aren’t yet detecting any active exploitation attempts, but that window could close quickly.
Mitigating CVE-2024-20295: Patching is the Only Option
So as a Cisco user, what can you do? Apply Cisco’s patched software updates as soon as possible to remediate this command injection vulnerability across your environment. As per Cisco’s security advisory, there are no workarounds, so updates are essential.
Products Confirmed Unaffected by CVE-2024-20295
Cisco has stated that the following products are not impacted by this critical IMC vulnerability:
- UCS B-Series Blade Servers
- UCS C-Series Rack Servers managed by UCS Manager
- UCS S-Series Storage Servers
- UCS X-Series Modular Systems
These products do not expose the vulnerable IMC command line interface, so they are not susceptible to CVE-2024-20295. Organizations can have confidence that these UCS systems are unaffected and do not require patching or mitigations for this specific issue.
Act quickly to close this concerning security hole in Cisco’s widely-used management software. Your network depends on maintaining a secure environment, patched and protected from future cyber security threats.
