A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00451.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Cisco Cisco Unified Computing System (Standalone) affected
Version Status Constraints
3.0(1c) affected
3.0(1d) affected
3.0(2b) affected
3.0(3a) affected
3.0(3b) affected
3.0(3c) affected
3.0(3e) affected
3.0(3f) affected
3.0(4a) affected
3.0(4d) affected
3.0(4e) affected
3.0(4i) affected
3.0(4j) affected
3.0(4k) affected
3.0(4l) affected
3.0(4m) affected
3.0(4n) affected
3.0(4o) affected
3.0(4p) affected
3.0(4q) affected
3.0(4r) affected
3.0(4s) affected
2.0(10b) affected
2.0(10c) affected
2.0(10e) affected
2.0(10f) affected
2.0(10g) affected
2.0(10h) affected
2.0(10i) affected
2.0(10k) affected
2.0(10l) affected
2.0(12b) affected
2.0(12c) affected
2.0(12d) affected
2.0(12e) affected
2.0(12f) affected
2.0(12g) affected
2.0(12h) affected
2.0(12i) affected
2.0(13e) affected
2.0(13f) affected
2.0(13h) affected
2.0(13i) affected
2.0(13k) affected
2.0(13n) affected
2.0(13o) affected
2.0(13p) affected
2.0(13q) affected
2.0(1a) affected
2.0(1b) affected
2.0(3d)1 affected
2.0(3d)2 affected
2.0(3e)1 affected
2.0(3f)3 affected
2.0(3i) affected
2.0(3j)1 affected
2.0(4c) affected
2.0(4c)1 affected
2.0(6d) affected
2.0(6f) affected
2.0(8d) affected
2.0(8e) affected
2.0(8g) affected
2.0(8h) affected
2.0(9c) affected
2.0(9e) affected
2.0(9f) affected
2.0(9l) affected
2.0(9m) affected
2.0(9n) affected
2.0(9o) affected
2.0(9p) affected
3.1(1d) affected
3.1(2b) affected
3.1(2c) affected
3.1(2d) affected
3.1(2e) affected
3.1(2g) affected
3.1(2i) affected
3.1(3a) affected
3.1(3b) affected
3.1(3c) affected
3.1(3d) affected
3.1(3g) affected
3.1(3h) affected
3.1(3i) affected
3.1(3j) affected
3.1(3k) affected
4.0(1.240) affected
4.0(1a) affected
4.0(1b) affected
4.0(1c) affected
4.0(1d) affected
4.0(1e) affected
4.0(1g) affected
4.0(1h) affected
4.0(2c) affected
4.0(2d) affected
4.0(2f) affected
4.0(2g) affected
4.0(2h) affected
4.0(2i) affected
4.0(2l) affected
4.0(2n) affected
4.0(4b) affected
4.0(4c) affected
4.0(4d) affected
4.0(4e) affected
4.0(4f) affected
4.0(4h) affected
4.0(4i) affected
4.0(4k) affected
4.0(4l) affected
4.0(4m) affected
4.0(2o) affected
4.0(2p) affected
4.0(4n) affected
4.0(2q) affected
4.0(2r) affected
4.1(1c) affected
4.1(1d) affected
4.1(1f) affected
4.1(1g) affected
4.1(2a) affected
4.1(1h) affected
4.1(2b) affected
4.1(2f) affected
4.1(2e) affected
4.1(3b) affected
4.1(2d) affected
4.1(3c) affected
4.1(3d) affected
4.1(2g) affected
4.1(3f) affected
4.1(2h) affected
4.1(2j) affected
4.1(2k) affected
4.1(2l) affected
4.1(3h) affected
4.1(3i) affected
4.1(3l) affected
4.2(1a) affected
4.2(1b) affected
4.2(1c) affected
4.2(1e) affected
4.2(1f) affected
4.2(1g) affected
4.2(1i) affected
4.2(1j) affected
4.2(2a) affected
4.2(2f) affected
4.2(2g) affected
4.2(3b) affected
4.2(3d) affected
4.2(3e) affected
4.2(3g) affected
4.2(3h) affected
4.2(3i) affected
4.3(1.230097) affected
4.3(1.230124) affected
4.3(1.230138) affected
4.3(2.230207) affected
4.3(2.230270) affected
Cisco Cisco Unified Computing System E-Series Software (UCSE) affected
Version Status Constraints
N/A affected

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Cisco Subscribe
Integrated Management Controller Subscribe

Project Subscriptions

Vendors Products
Cisco Subscribe
Integrated Management Controller Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2024-18010 A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ cve-icon cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-08-01T21:59:41.494Z

Reserved: 2023-11-08T15:08:07.629Z

Link: CVE-2024-20295

cve-icon Vulnrichment

Updated: 2024-08-01T21:59:41.494Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-24T20:15:07.267

Modified: 2024-11-21T08:52:14.813

Link: CVE-2024-20295

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:21:54Z

Weaknesses