top of page

Cisco Integrated Management Controller (IMC) Software Command Execution (CVE-2024-20356)

Application Details

The Cisco Integrated Management Controller (IMC) is a baseboard management controller that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers. The Cisco IMC enables system management in the data center and across distributed branch-office locations. It supports multiple management interfaces, including a Web User Interface (Web UI), a Command-Line Interface (CLI), and an XML


Cisco Integrated Management Controller (IMC) Software could allow a remote authenticated attacker to execute arbitrary commands on the system.


This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to perform command injection attacks on the system and elevate privileges to root.

POST /data



By turning this into a traffic file and matching rule, we are able to detect attempts to execute arbitrary commands on the system.


Idappcom have created signature 8024856 along with a traffic file for this vulnerability.


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here:


bottom of page