OS Command Injection in Cisco Systems, Inc Other software

#VU88805 OS Command Injection in Cisco Systems, Inc Other software

Published: 2024-04-19

Vulnerability identifier: #VU88805

Vulnerability risk: Low

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2024-20356

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Cisco Integrated Management Controller
Server applications / Remote management servers, RDP, SSH
Enterprise NFV Infrastructure Software
Server applications / Virtualization software
Cisco 5000 Series Enterprise Network Compute System
Client/Desktop applications / Virtualization software
Catalyst 8300 Series Edge Universal CPE
Hardware solutions / Routers & switches, VoIP, GSM, etc
UCS C-Series M5 Rack Servers
Server applications / Other server solutions
UCS C-Series M6 Rack Servers
Server applications / Other server solutions
UCS C-Series M7 Rack Servers
Server applications / Other server solutions
UCS E-Series Servers
Other software / Other software solutions
UCS S-Series Servers in standalone mode
Other software / Other software solutions

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the web-based management interface. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Integrated Management Controller: 3.1 - 4.12

Enterprise NFV Infrastructure Software: 3.12 - 3.13

Cisco 5000 Series Enterprise Network Compute System: All versions

Catalyst 8300 Series Edge Universal CPE: All versions

UCS C-Series M5 Rack Servers: All versions

UCS C-Series M6 Rack Servers: All versions

UCS C-Series M7 Rack Servers: All versions

UCS E-Series Servers: All versions

UCS S-Series Servers in standalone mode: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

OS Command Injection in Cisco Integrated Management Controller