Cisco has mounted a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on weak programs.
Tracked as CVE-2024-20469, the safety flaw was present in Cisco’s Identification Companies Engine (ISE) resolution, an identity-based community entry management and coverage enforcement software program that allows community system administration and endpoint entry management in enterprise environments.
This OS command injection vulnerability is brought on by inadequate validation of user-supplied enter. Native attackers can exploit this weak spot by submitting maliciously crafted CLI instructions in low-complexity assaults that do not require consumer interplay.
Nevertheless, as Cisco explains, menace actors can solely exploit this flaw efficiently in the event that they have already got Administrator privileges on unpatched programs.
“A vulnerability in particular CLI instructions in Cisco Identification Companies Engine (ISE) might enable an authenticated, native attacker to carry out command injection assaults on the underlying working system and elevate privileges to root,” the corporate warned in a safety advisory printed on Wednesday.
“The Cisco PSIRT is conscious that proof-of-concept exploit code is accessible for the vulnerability that’s described on this advisory.”
| Cisco ISE Launch | First Mounted Launch |
|---|---|
| 3.1 and earlier | Not affected |
| 3.2 | 3.2P7 (Sep 2024) |
| 3.3 | 3.3P4 (Oct 2024) |
| 3.4 | Not affected |
Thus far, the corporate has but to find proof of attackers exploiting this safety vulnerability within the wild.
Cisco additionally warned prospects immediately that it eliminated a backdoor account in its Sensible Licensing Utility Home windows software program that attackers can use to log into unpatched programs with administrative privileges.
In April, it launched safety patches for an Built-in Administration Controller (IMC) vulnerability (CVE-2024-20295) with publicly accessible exploit code that additionally permits native attackers to escalate privileges to root.
One other essential flaw (CVE-2024-20401), which lets menace actors add rogue root customers and completely crash Safety Electronic mail Gateway (SEG) home equipment by way of malicious emails, was patched final month.
The identical week, it warned of a maximum-severity vulnerability that lets attackers change any consumer password on weak Cisco Sensible Software program Supervisor On-Prem (Cisco SSM On-Prem) license servers, together with directors.