The vulnerability impacts the Cisco 5000 Series Enterprise Network Compute Systems (ENCS), Catalyst 8300 Series Edge uCPE, UCS C-Series Rack Servers in standalone mode and UCS E-Series Servers in default configurations. Many other products and appliances that are based on UCS C-Series servers are also affected if the IMC CLI was explicitly configured to be accessible — IMC is not exposed by default on these devices.

The Cisco Product Security Incident Response Team (PSIRT) is aware of public proof-of-concept code being available for this vulnerability but has not seen malicious exploitation in the wild.

The second vulnerability, CVE-2024-20356, is located in the web-based management interface of Cisco IMC and can be exploited by attackers that have administrator-level privileges through specially crafted commands.

The flaw impacts Cisco 5000 Series Enterprise Network Compute Systems (ENCS), Catalyst 8300 Series Edge uCPE, UCS C-Series M5, M6, and M7 Rack Servers in standalone mode, UCS E-Series Servers and UCS S-Series Storage Servers in standalone mode. Similarly to the previous vulnerability, appliances based on UCS C-Series servers are also impacted if their default configurations were changed in order to expose the IMC user interface.

Most server manufacturers have their own BMC implementations and these controllers and their software have a history of serious vulnerabilities. Sophisticated attackers, including APT groups, have even created malware implants targeting these interfaces.

Bypassing SNMP restrictions in IOS and IOS XE

Cisco also patched a medium-risk vulnerability, CVE-2024-20373, in its IOS and IOS XE Software which is used on many of its enterprise switches and routers. The flaw allows unauthenticated attackers to bypass the Access Control List (ACL) feature for simple network management protocol (SNMP) in certain cases. SNMP is a protocol that allows devices to expose information about their configurations and to make modifications to those settings over the network.