April 22, 2024
Cisco Discloses High-Severity Vulnerability, Exploit Code Released
CRN | Contributed by: Drex DeFord
Summary
Cisco has disclosed and issued a patch for a high-severity vulnerability affecting the Integrated Management Controller in a range of devices, including UCS C-Series Rack Servers and 5000 Series Enterprise Network Compute Systems. The flaw, rated 8.8 out of 10 for severity, could allow an authenticated, local attacker with at least read-only privileges to perform command injection attacks and gain root access. Cisco reported no known instances of the vulnerability being exploited, but code that could be used for that purpose has been made public. Customers are urged to apply the provided patches, as no alternative mitigations have been advised, and a wide spectrum of Cisco devices could be impacted if they run vulnerable versions of the software with default configurations.