cbcvebase.
CVE-2024-20356
published 2024-04-24

CVE-2024-20356: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with…

PriorityP269high8.7CVSS 3.1
AVNACLPRHUINSCCHIHAN
EPSS
32.70%
98.1th percentile
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.

Affected

156 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system
ciscocisco_unified_computing_system

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector is the web-based management interface of Cisco IMC; monitor for crafted/anomalous POST requests to the IMC web UI from authenticated Administrator-level sessions that contain shell metacharacters or injection payloads
  • Privilege escalation to root is the success indicator; alert on unexpected root-level process spawning from the Cisco IMC web service process
  • Root cause is insufficient user input validation (CWE-78 OS Command Injection); inspect IMC web interface input fields for unsanitized shell metacharacters
  • ·Exploitation requires the attacker to already hold Administrator-level privileges on the Cisco IMC web interface; detections should focus on authenticated admin sessions exhibiting injection behavior rather than unauthenticated access
  • ·No workarounds exist; patching is the only mitigation. Track Cisco Bug IDs CSCwi42996, CSCwi43001, and CSCwi43005 for affected product versions and fix availability

CVSS provenance

nvdv3.18.7HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
vendor_cisco8.7HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.