Cisco IMC Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the web-based management interface of Cisco Integrated Management Controller (IMC). It allows an authenticated, remote attacker who already holds administrator privileges on the IMC to execute arbitrary commands on the underlying operating system as the root user. The flaw is insufficient validation of user-supplied input in the management interface: a crafted request carrying shell metacharacters in a field the interface passes to the operating system is executed with root privileges rather than being rejected. Note that valid administrator credentials are a precondition; this is a privilege escalation from IMC administrator to root on the controller, not an unauthenticated entry point.
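The pattern the advisory describes, a management handler that hands user input to a shell, shown as an added illustrative example in Python. This is not Cisco's code and says nothing about how IMC is implemented: the hostname field, the ping action, the constructed sample inputs and every function name are hypothetical. The block tokenizes the vulnerable command the way a POSIX shell would, so the effect of an injected `;` is visible without executing anything, and places the hardened form beside it.

```python
import re
import shlex
import subprocess

# Constructed sample inputs for a hypothetical "ntp_server" field of a
# management web form (not real Cisco IMC traffic).
BENIGN_INPUT = "ntp.example.com"
INJECTION_INPUT = "ntp.example.com; id > /tmp/pwned"

# RFC 1123 hostname: labels of letters, digits and hyphens separated by dots,
# no label starting or ending with a hyphen (so option injection like "-f"
# is rejected as well).
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_command_vulnerable(target: str) -> str:
    """Vulnerable pattern: user input is interpolated into one string that
    the handler then runs with shell=True. Shell metacharacters in `target`
    become shell syntax, and the process runs as whatever user the web
    service runs as (root, in the case the advisory describes)."""
    return f"ping -c 1 {target}"


def shell_tokens(cmd: str) -> list[str]:
    """Tokenize `cmd` roughly as /bin/sh would (';' and '>' are operators),
    so the injected second command is visible without running anything."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    return list(lexer)


def validate_hostname(value: str) -> bool:
    """Allow-list check: only a syntactically valid hostname passes."""
    return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def build_argv_hardened(target: str) -> list[str]:
    """Hardened pattern: reject anything that is not a plain hostname, then
    pass the value as its own argv element. No shell ever parses it, so
    metacharacters have no meaning even if validation were bypassed."""
    if not validate_hostname(target):
        raise ValueError(f"rejected input: {target!r}")
    return ["ping", "-c", "1", target]


def handle_request_hardened(target: str) -> dict:
    """What a fixed handler would do with one form value: accept and build
    argv, or refuse with a reason. Returned as a dict so it can be checked."""
    try:
        return {"accepted": True, "argv": build_argv_hardened(target)}
    except ValueError as exc:
        return {"accepted": False, "error": str(exc)}


def run_hardened(target: str) -> subprocess.CompletedProcess:
    """Execute the validated argv directly (list form, never shell=True).
    Not called below because it would really send a ping."""
    return subprocess.run(build_argv_hardened(target),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    vuln = build_command_vulnerable(INJECTION_INPUT)
    print("vulnerable command string:", vuln)
    print("what the shell would run  :", shell_tokens(vuln))
    for value in (BENIGN_INPUT, INJECTION_INPUT):
        print("hardened handler         :", handle_request_hardened(value))
```

The shell tokenization shows why input validation alone is the weaker fix: once a string reaches `/bin/sh`, everything after the `;` is a second command. The argv form removes the shell from the path entirely, and the allow-list check exists to give the caller a clean error rather than to be the only barrier.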

Impact

Successful exploitation gives the attacker arbitrary command execution as the root user on the affected IMC, and therefore complete control over the controller. Because the IMC manages the server out of band, that control is held below the host operating system rather than within it.

Remediation

Cisco has released software updates that address this vulnerability. The upgrade path depends on the platform: for Cisco 5000 Series ENCS and Catalyst 8300 Series Edge uCPE, Cisco Enterprise NFV Infrastructure Software (NFVIS) must be upgraded first, because Cisco IMC is upgraded through it on those platforms; for UCS C-Series M5 and M6 Rack Servers, the upgrade procedure is in the Cisco Host Upgrade Utility User Guide; for UCS E-Series Servers, the first fixed release varies by model and is listed in the Cisco advisory. Check the advisory's fixed-release table for the exact model in use before planning the upgrade.

Added: Apr 1, 2026, 7:16 PM
Updated: Apr 1, 2026, 7:16 PM

Vulnerability Rating

Custom Algorithm

  spread          0.3
  impact         10.0
  exploitability  4.4
  remediation     7.7
  relevance       5.1
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.