Cisco Patches Critical ISE Command Injection Vulnerability with Public Exploit Code
Cisco has patched a critical command injection vulnerability, tracked as CVE-2024-20469, in its Identity Services Engine (ISE) solution. This flaw, which has public exploit code available, allows attackers to escalate their privileges to root on vulnerable systems.
Vulnerability Overview
The CVE-2024-20469 vulnerability stems from insufficient validation of user-supplied input in specific CLI commands. This allows local attackers with administrator access to perform command injection, escalating their privileges to root. Exploiting this flaw is considered a low-complexity attack that doesn’t require user interaction but does require prior Administrator privileges on the unpatched system.
Public Exploit Code and Impact
Proof-of-concept (PoC) exploit code for this vulnerability has been made public, increasing the risk of exploitation. However, Cisco has stated that there is no evidence of active exploitation of this vulnerability in the wild. This vulnerability affects the underlying operating system, putting critical enterprise environments at risk, given that Cisco ISE is widely used for network access control and device administration.
| Cisco ISE Release | First Fixed Release |
|---|---|
| 3.1 and earlier | Not affected |
| 3.2 | 3.2P7 (Sep 2024) |
| 3.3 | 3.3P4 (Oct 2024) |
| 3.4 | Not affected |
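To triage an inventory of ISE nodes against the fixed-release table above, the following is an added example (not code from Cisco or from the source article). The accepted version-string formats, the hostnames and the build numbers are assumptions constructed for illustration.

```python
import re

# First fixed patch per affected release, copied from the table above.
FIRST_FIXED_PATCH = {(3, 2): 7, (3, 3): 4}
# Releases the table lists as not affected ("3.1 and earlier" is handled in triage).
NOT_AFFECTED = {(3, 4)}

# Assumed input forms: "3.2P6", "3.2 Patch 7", "3.3.0.430 patch 3", "3.4".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*(?:(?:patch|p)\s*(\d+))?\s*$", re.IGNORECASE
)


def triage(version):
    """Classify one ISE version string against the CVE-2024-20469 table."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unknown"  # unparseable: review by hand, never assume safe
    release = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)  # no patch suffix means base install
    if release <= (3, 1) or release in NOT_AFFECTED:
        return "not affected"
    fixed = FIRST_FIXED_PATCH.get(release)
    if fixed is None:
        return "unknown"  # release not covered by the table
    return "fixed" if patch >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Group hostnames by status; inventory maps hostname -> version string."""
    report = {"vulnerable": [], "fixed": [], "not affected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[triage(version)].append(host)
    return report


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE_INVENTORY = {
    "ise-pan-01": "3.2.0.542 Patch 5",
    "ise-psn-01": "3.2P7",
    "ise-psn-02": "3.3 patch 3",
    "ise-lab-01": "3.1P9",
    "ise-new-01": "3.4",
    "ise-old-cfg": "version string missing",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Nodes reported as `unknown` fall outside what the table covers or could not be parsed, so they need a manual check rather than being treated as safe.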
Additional Cisco Vulnerabilities and Fixes
Cisco has also addressed other significant vulnerabilities recently:
- A backdoor account was removed from its Smart Licensing Utility software, which could have allowed unauthorized administrative access.
- A vulnerability in its Integrated Management Controller (IMC), tracked as CVE-2024-20295, was patched in April. This flaw also allowed privilege escalation to root.
- A critical flaw (CVE-2024-20401) in Cisco’s Security Email Gateway (SEG) appliances was fixed, which could enable attackers to crash appliances or create rogue root users via malicious emails.
Mitigation and Recommendations
Administrators are urged to apply the security updates provided by Cisco immediately to mitigate the risk posed by these vulnerabilities. Patching affected systems will ensure attackers cannot exploit these weaknesses, particularly those for which PoC exploit code is available.
Source: bleepingcomputer.com