CVE-2024-20356

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	HIGH
CVSS	8.7
EPSS	34.08% EPSS high
CWE	CWE-78
KEV
Published	2 years ago
Modified	1 month ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Unified Computing System (Standalone)	cisco-sa-cimc-cmd-inj-bLuPcb	structured affected CSAF product_status
Cisco Unified Computing System E-Series Software (UCSE)	cisco-sa-cimc-cmd-inj-bLuPcb	structured affected CSAF product_status