Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-20365
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Integrated Management Controller Redfish Command Injection Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco UCS B-Series Blade Servers、Cisco UCS Managed C-Series Rack Servers和Cisco UCS X-Series Modular System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco UCS B-Series Blade Servers等都是美国思科(Cisco)公司的产品。Cisco UCS B-Series Blade Servers是一款UCS B系列刀片服务器设备。Cisco UCS Managed C-Series Rack Servers是一款标准形式的服务器,设计用于安装在机架中,以节省数据中心空间。Cisco UCS X-Series Modular System是一种模块化服务器系统,允许用户根据需要添加或更换计算、网络和存储模块。 Cisco UCS B
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CiscoCisco Unified Computing System (Managed) 4.1(2a) -
II. Public POCs for CVE-2024-20365
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2024-20365
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Cisco Unified Computing System (Managed)
Same vendor: Cisco
Same weakness: CWE-77
V. Comments for CVE-2024-20365

No comments yet

Leave a comment