Aaron Thacker

**Name of the Vulnerable Software and Affected Versions** Cisco Integrated Management Controller (IMC) (affected versions not specified) **Description** A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) exists due to insufficient user input validation, allowing an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. Researchers have demonstrated that this vulnerability can be chained with others to fully compromise a Cisco appliance. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.