Immediate action is required for network administrators using Cisco devices: a serious vulnerability in the Cisco Integrated Management Controller (IMC) could allow a malicious user to gain full control (root access) of sensitive systems.
Cisco warns of a high-severity vulnerability (CVSS score: 8.8) in the IMC that an attacker with administrative access could exploit to execute commands as root and take full control of the device. The vulnerability is due to insufficient validation of user-supplied input, which allows the execution of malicious commands.
Affected products:
- Cisco 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series servers in stand-alone mode
- UCS E-Series servers
- 5520 and 8540 wireless controllers
- Application Policy Infrastructure Controller (APIC) servers
- Business Edition 6000 and 7000 devices
- Catalyst Center devices (formerly DNA Center, DNAC)
- Cloud Services Platform (CSP) 5000 Series
- Common Services Platform Collector (CSPC) devices
- Connected Mobile Experiences (CMX) devices
- Connected Safety and Security UCS Platform Series Servers
- Cyber Vision Center Devices
- Expressway series devices
- HyperFlex Edge hubs
- HyperFlex Nodes in Datacenter Mode without Fabric Interconnect (DC-NO-FI)
- IEC6400 Edge Compute Devices
- IOS XRv 9000 devices
- Meeting Server 1000 devices
- Nexus Dashboard devices
- Prime Infrastructure Appliances
- Prime Network Registrar Jumpstart devices
- Secure Email Gateways
- Secure Email and Web Manager
- Secure Endpoint Private Cloud devices
- Secure Firewall Management Center devices (formerly Firepower Management Center)
- Secure Malware Analytics Appliances
- Secure Network Analytics Devices
- Secure Network Server devices
- Secure Web Appliances
- Secure Workload Servers
- Telemetry Broker Devices
What to do: Cisco has released software updates to address this vulnerability. Network administrators are advised to update their systems as soon as possible, as there are no workarounds to address it.