Father
Upgrade your servers before the cyber bandits get to them, too.
Cisco has released updates to address a major vulnerability in its integrated management controller that allows local attackers to escalate their privileges to the administrator level.
"A vulnerability in the Cisco Integrated Management Controller (IMC) command line can allow a local authorized attacker to perform command-line attacks on the underlying operating system and elevate privileges to root," the company explained.
The issue, identified as CVE-2024-20295, is caused by insufficient validation of user-supplied input. This allows specially crafted commands to be used in low-complexity attacks.
The list of devices at risk includes the following series of Cisco servers:
- 5000 Series Enterprise Network Compute Systems (ENCS);
- Catalyst 8300 Series Edge uCPE;
- UCS C-Series Servers Offline;
- UCS E-Series servers.
The Cisco Product Security Incident Response Team (PSIRT) warns that the PoC exploit is already publicly available, although no active attacks have been detected yet.
Meanwhile, just a couple of days ago, Cisco Talos released a report announcing a large-scale credential matching campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices.
The company recommended that customers take all possible measures against brute-force attacks on devices with configured remote access to VPN services.