#CVE-2024-20356: #Jailbreaking a #Cisco appliance to run #DOOM

In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?

source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker

CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM - LRQA Nettitude Labs

Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code

^{Aaron Thacker (LRQA Nettitude Labs)}

I was reminded of the great #Cisco security fix of 2019

#curl