Cisco Patches Critical ISE Command Injection Vulnerability with Public Exploit Code

by | Sep 5, 2024 | News




Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Patreon
Reading Time: 3 Minutes

Cisco has patched a critical command injection vulnerability, tracked as CVE-2024-20469, in its Identity Services Engine (ISE) solution. This flaw, which has public exploit code available, allows attackers to escalate their privileges to root on vulnerable systems.

Vulnerability Overview

The CVE-2024-20469 vulnerability stems from insufficient validation of user-supplied input in specific CLI commands. This allows local attackers with administrator access to perform command injection, escalating their privileges to root. Exploiting this flaw is considered a low-complexity attack that doesn’t require user interaction but does require prior Administrator privileges on the unpatched system.

Public Exploit Code and Impact

Proof-of-concept (PoC) exploit code for this vulnerability has been made public, increasing the risk of exploitation. However, Cisco has stated that there is no evidence of active exploitation of this vulnerability in the wild. This vulnerability affects the underlying operating system, putting critical enterprise environments at risk, given that Cisco ISE is widely used for network access control and device administration.

Cisco ISE ReleaseFirst Fixed Release
3.1 and earlierNot affected
3.23.2P7 (Sep 2024)
3.33.3P4 (Oct 2024)
3.4Not affected

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses




Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Additional Cisco Vulnerabilities and Fixes

Cisco has also addressed other significant vulnerabilities recently:

  • A backdoor account was removed from its Smart Licensing Utility software, which could have allowed unauthorized administrative access.
  • A vulnerability in its Integrated Management Controller (IMC), tracked as CVE-2024-20295, was patched in April. This flaw also allowed privilege escalation to root.
  • A critical flaw (CVE-2024-20401) in Cisco’s Security Email Gateway (SEG) appliances was fixed, which could enable attackers to crash appliances or create rogue root users via malicious emails.



Mitigation and Recommendations

Administrators are urged to apply the security updates provided by Cisco immediately to mitigate the risk posed by these vulnerabilities. Patching affected systems will ensure attackers cannot exploit these weaknesses, particularly those with available PoC exploit codes.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: bleepingcomputer.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!


Information Security Solutions

Find out how Pentesting Services can help you.


Join our Community

Share This