PT-2024-8975 · Cisco · Managed C-Series+2
Published: 2024-10-02 · Updated: 2024-10-08 · CVE-2024-20365
CVSS v2.0: 9.0 (High)
CVSS v2.0 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Cisco UCS B-Series, Managed C-Series, and X-Series Servers (affected versions not specified)
Description:
The vulnerability stems from insufficient input validation in the Redfish API: special elements in user-supplied input are not properly neutralized. An authenticated, remote attacker who already holds administrative privileges can send crafted commands through the Redfish API of an affected device to perform command injection and elevate privileges to root.
Recommendations:
At the time of writing, no information is available about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Command Injection
Related Identifiers:
CVE-2024-20365
Affected Products:
Cisco UCS B-Series
Managed C-Series
X-Series Servers