First published: Fri Nov 06 2020
A vulnerability in the web UI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary commands at the underlying operating system level.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Integrated Management Controller | <3.0(3e) | |
CVE-2020-3371 is a vulnerability in the web UI of Cisco Integrated Management Controller (IMC) that allows an authenticated, remote attacker to inject arbitrary code and execute arbitrary commands at the underlying operating system level.
CVE-2020-3371 is considered critical with a severity value of 8.8.
Cisco Integrated Management Controller versions up to and excluding 3.0(3e) are affected by CVE-2020-3371.
CVE-2020-3371 is associated with CWE-20 and CWE-78.
To fix CVE-2020-3371, update Cisco Integrated Management Controller to a version later than 3.0(3e).