Unrated severityNVD Advisory· Published Oct 2, 2024· Updated Oct 2, 2024

Cisco Integrated Management Controller Redfish Command Injection Vulnerability

CVE-2024-20365

Description

A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root.

This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cisco Systems, Inc./UCS B-Seriesllm-create
Cisco Systems, Inc./UCS Managed C-Seriesllm-create
Cisco Systems, Inc./Unified Computing Systemcpe-rescue
Range: 4.1(2a)

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-redfish-cominj-sbkv5ZZmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000