Cisco fixes root escalation vulnerability with public exploit code

Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems.

Tracked as CVE-2024-20469, the security flaw was found in Cisco’s Identity Services Engine (ISE) solution, an identity-based network access control and policy enforcement software that enables network device administration and endpoint access control in enterprise environments.

This OS command injection vulnerability is caused by insufficient validation of user-supplied input. Local attackers can exploit this weakness by submitting maliciously crafted CLI commands in low-complexity attacks that don’t require user interaction.

However, as Cisco explains, threat actors can only exploit this flaw successfully if they already have Administrator privileges on unpatched systems.

“A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root,” the company warned in a security advisory published on Wednesday.

“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.”

| Cisco ISE Release | First Fixed Release |
| --- | --- |
| 3.1 and earlier | Not affected |
| 3.2 | 3.2P7 (Sep 2024) |
| 3.3 | 3.3P4 (Oct 2024) |
| 3.4 | Not affected |
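
The fixed-release table above can be turned into a patch-level triage check for an ISE inventory. This is an added example, not code from Cisco or from the article; the function names and the sample inventory are assumptions, and version strings are written in the table's own `3.2P7` notation.

```python
import re

# First fixed patch per affected release, taken from the table above.
FIRST_FIXED_PATCH = {(3, 2): 7, (3, 3): 4}
# Releases the table lists as not affected: 3.1 and earlier, and 3.4.
LAST_UNAFFECTED_OLD = (3, 1)
UNAFFECTED_NEW = {(3, 4)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\s*[Pp](\d+))?")


def parse_version(text):
    """Parse '3.2', '3.2P6' or '3.2 p6' into ((major, minor), patch)."""
    m = VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    # A release with no patch suffix is treated as patch level 0.
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def cve_2024_20469_status(text):
    """Classify one release string against the table for CVE-2024-20469."""
    release, patch = parse_version(text)
    if release <= LAST_UNAFFECTED_OLD or release in UNAFFECTED_NEW:
        return "not affected"
    if release in FIRST_FIXED_PATCH:
        return "fixed" if patch >= FIRST_FIXED_PATCH[release] else "vulnerable"
    # Release is not listed in the table: do not guess, check the advisory.
    return "unknown"


def triage(inventory):
    """Map each host in {host: version_string} to its status."""
    return {host: cve_2024_20469_status(v) for host, v in inventory.items()}


# Constructed sample inventory (hypothetical host names and patch levels).
SAMPLE = {
    "ise-pan-01": "3.2P6",
    "ise-psn-02": "3.2P7",
    "ise-psn-03": "3.3",
    "ise-lab-04": "3.1P9",
    "ise-new-05": "3.4",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```
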

So far, the company has yet to discover evidence of attackers exploiting this security vulnerability in the wild.

Cisco also warned customers today that it removed a backdoor account in its Smart Licensing Utility Windows software that attackers can use to log into unpatched systems with administrative privileges.

In April, it released security patches for an Integrated Management Controller (IMC) vulnerability (CVE-2024-20295) with publicly available exploit code that also allows local attackers to escalate privileges to root.

Another critical flaw (CVE-2024-20401), which lets threat actors add rogue root users and permanently crash Security Email Gateway (SEG) appliances via malicious emails, was patched last month.

The same week, it warned of a maximum-severity vulnerability that lets attackers change any user password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.
