Description
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.
Exploits (2)
Scores
CVSS v3
8.7
EPSS
0.4336
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (50)
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.0.0
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.1.0
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.2.1
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.2.2
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.3.1
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.3.2
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.3.3
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.3.5
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.4.0
Cisco/Cisco Unified Computing System E-Series Software (UCSE)
2.4.1
... and 40 more
Published
Apr 24, 2024
Tracked Since
Feb 18, 2026