Cisco Integrated Management Controller
cpe:2.3:a:cisco:integrated_management_controller:*:*:*:*:*:*:*
A vulnerability exists in the SSH connection handling of Cisco Integrated Management Controller (IMC) for UCS B-Series, C-Series, S-Series, and X-Series Servers. This vulnerability allows an authenticated, remote attacker to access internal services with elevated privileges. The issue arises from inadequate restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting via SSH to the Cisco IMC of an affected device. Successful exploitation could lead to unauthorized modifications to the system, including the creation of new administrator accounts.
Exploitation of this vulnerability could allow an authenticated, remote attacker to access internal services with elevated privileges, potentially leading to unauthorized changes on the system, such as creating new administrator accounts.
Cisco has released software updates to address this vulnerability. For UCS B-Series and X-Series Servers in UCS Manager Mode, users should upgrade to version 4.1(3n), 4.2(3k) or 4.3(4c). For UCS C-Series and S-Series Servers in Standalone Mode or Intersight Managed Mode, the first fixed release is 4.2(2f) or 4.2(3b). For appliances based on a preconfigured version of a Cisco UCS C-Series Server, instructions for upgrading the Cisco IMC software are available in the Cisco Host Upgrade Utility User Guide.
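A defender-side version check for the fixed releases named above, as an added example that is not part of the advisory or any Cisco tooling. It parses Cisco IMC version strings of the form `4.2(3k)` and compares an installed version against the first fixed release in the same maintenance train; the mode keys `ucsm` and `standalone_or_imm` and the result labels are assumptions of this example.

```python
import re

# Fixed releases exactly as the advisory lists them, keyed by management mode.
# The mode keys are constructed for this example.
FIXED_RELEASES = {
    # UCS B-Series / X-Series in UCS Manager Mode
    "ucsm": ["4.1(3n)", "4.2(3k)", "4.3(4c)"],
    # UCS C-Series / S-Series in Standalone Mode or Intersight Managed Mode
    "standalone_or_imm": ["4.2(2f)", "4.2(3b)"],
}

# Cisco IMC versions look like major.minor(maintenance[letter]), e.g. 4.2(3k).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)$")


def parse_version(text):
    """Turn '4.2(3k)' into a comparable tuple (4, 2, 3, 'k')."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Cisco IMC version string: {text!r}")
    major, minor, maint, letter = m.groups()
    # The trailing letter orders rebuilds inside one maintenance release;
    # a missing letter sorts before 'a'.
    return (int(major), int(minor), int(maint), letter or "")


def assess(version, mode):
    """Classify an installed version against the advisory's fixed releases.

    Returns one of (labels are this example's own):
      'fixed'                     - at or above the fix in the same train
      'vulnerable'                - below the fix in the same train
      'below-first-fixed-release' - older than every fix listed for the mode
      'no-fix-listed'             - train not named in the advisory; check manually
    """
    installed = parse_version(version)
    fixes = sorted(parse_version(f) for f in FIXED_RELEASES[mode])
    for fix in fixes:
        if fix[:3] == installed[:3]:  # same major.minor(maintenance) train
            return "fixed" if installed >= fix else "vulnerable"
    if installed < fixes[0]:
        return "below-first-fixed-release"
    return "no-fix-listed"


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, reported version, mode).
    inventory = [("imc-b01", "4.2(3j)", "ucsm"), ("imc-c07", "4.2(3b)", "standalone_or_imm")]
    for host, ver, mode in inventory:
        print(f"{host}: {ver} -> {assess(ver, mode)}")
```

Versions in trains the advisory does not name are reported as `no-fix-listed` rather than guessed, since the page gives no verdict for them.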