April 18, 2024 at 08:45AM
Cisco released patches for a high-severity IMC vulnerability (CVE-2024-20295, CVSS 8.8) allowing local attackers to inject commands and gain root privileges. Another flaw (CVE-2024-20356) could let remote attackers gain root privileges. A medium-severity bug (CVE-2024-20373) in IOS and IOS XE software was also fixed. Users are urged to update their Cisco appliances promptly.
Key takeaways from the meeting notes are as follows:
1. Cisco has announced patches for a high-severity Integrated Management Controller (IMC) vulnerability, tracked as CVE-2024-20295, which allows a local attacker with read-only or higher privileges to inject arbitrary commands and gain root privileges.
2. The vulnerability impacts Cisco’s 5000 series Enterprise Network Compute Systems (ENCS), Catalyst 8300 series Edge uCPE, UCS C-Series rack servers in standalone mode, and UCS E-Series servers, as well as applications based on a pre-configured version of UCS C-Series servers.
3. Cisco has also patched a different high-severity flaw in IMC (CVE-2024-20356) that could allow a remote attacker logged in to an administrator account to inject commands and gain root privileges. This flaw affects several Cisco products including the 5000 series ENCS, Catalyst 8300 series Edge uCPE, UCS C-Series M5, M6, and M7 rack servers, UCS E-Series servers, UCS S-Series storage servers, and appliances based on a preconfigured version of Cisco UCS C-Series servers.
4. Additionally, Cisco has patched a medium-severity bug (CVE-2024-20373) in IOS and IOS XE software, which could be exploited remotely, without authentication, to perform SNMP polling of an affected device.
5. Cisco advises users to update their appliances as soon as possible, as attackers are known to have exploited Cisco vulnerabilities for which patches have been released.
6. Further information on the resolved flaws can be found on Cisco’s security advisories page.