CVE-2024-20356

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) exists due to insufficient user input validation, allowing an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root. Researchers have demonstrated that this vulnerability can be chained with others to fully compromise a Cisco appliance.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.