Cisco Patches Vulnerabilities in Integrated Management Controller, SNMP Implementation

CVE-2024-20295

Cisco Systems today released three urgent security advisories addressing critical vulnerabilities present in its Integrated Management Controller (IMC) system and its SNMP implementation within Cisco IOS and IOS XE Software. These security flaws could allow attackers to execute code remotely or access sensitive systems.

CVE-2024-20295

Key Vulnerabilities

  • CVE-2024-20295 and CVE-2024-20356: Two command injection vulnerabilities, rated 8.8 and 8.7 (High) on the CVSS scale, have been discovered in Cisco’s IMC. Successful exploitation could allow attackers to gain root-level access, potentially compromising entire systems.
  • CVE-2024-20373: A medium-severity vulnerability (CVSS 5.3) within Cisco’s SNMP implementation could allow unauthenticated attackers to conduct unauthorized SNMP polling on affected devices. This could allow the attacker to gather sensitive system information.

Affected Products

A wide range of Cisco products are affected by the IMC vulnerabilities, including:

  • Cisco 5000 Series Enterprise Network Compute Systems (ENCS)
  • Catalyst 8300 Series Edge uCPE
  • UCS C-Series Rack Servers in standalone mode
  • UCS E-Series Servers
  • Various Cisco appliances, including Wireless Controllers, DNA Center Appliances, Meeting Server Appliances, and many others.

See the full list in the official advisory for detailed information.

Proof-of-Concept Exploits Available

Cisco’s Product Security Incident Response Team (PSIRT) has confirmed that proof-of-concept exploit code exists for the IMC command injection vulnerability (CVE-2024-20295). This makes these vulnerabilities particularly dangerous and highlights the importance of immediate patching.

No Active Exploitation Observed

While there are active proof-of-concept exploits, Cisco PSIRT has not yet observed any malicious use of the vulnerabilities in the wild.

Recommendations

Cisco strongly urges IT administrators, system owners, and cybersecurity professionals to:

  1. Patch Immediately: Apply the available software updates and patches released by Cisco to affected systems as soon as possible.
  2. Review Cisco’s Advisories: Consult the official security advisories for in-depth information, mitigations, and the full list of affected products.
  3. Monitor Threat Landscape: Stay updated about potential exploit activity related to these vulnerabilities.