#cimc

🛡 H3lium@infosec.exchange/:~#

Cisco IMC Command Injection Vulnerability Alert

Date: April 17, 2024
CVE: CVE-2024-20356
Vulnerability Type: Command Injection
CWE: CWE-78
Sources: Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb)

Issue Summary

A critical vulnerability has been identified in the Cisco Integrated Management Controller (IMC) web-based management interface. This flaw allows authenticated, remote attackers with Administrator-level privileges to perform command injection attacks, potentially gaining root access to the affected systems. Cisco has acknowledged the vulnerability and provided software updates to mitigate the issue.

Technical Key findings

The vulnerability results from inadequate input validation of command strings by the web-based management interface. Attackers can exploit this by sending specially crafted commands to the interface, which are then executed with elevated privileges.

Vulnerable products

- 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series M5, M6, and M7 Rack Servers (standalone mode)
- UCS E-Series Servers
- UCS S-Series Storage Servers (standalone mode)

Impact assessment

Successful exploitation allows attackers to elevate privileges to root, leading to full system control. This can result in unauthorized access, data leakage, and potential interruption of operations.

Patches or workaround

No workarounds are available. Cisco recommends updating to the latest firmware versions provided in their security advisory to address this vulnerability.

Tags

#Cisco #CVE-2024-20356 #CommandInjection #CIMC #ITSecurity #PatchManagement