A critical vulnerability, identified as CVE-2024-20356, has been found in Cisco's Integrated Management Controller (IMC). This flaw allows for command injection, potentially giving attackers the ability to gain root access to systems. The vulnerability is located in the web-based management interface of the IMC, which is used for remotely managing Cisco hardware. The issue arises from insufficient user input validation in the IMC interface, allowing an authenticated, remote attacker with administrative privileges to inject malicious commands.
Security researchers from Nettitude have developed a Proof of Concept (PoC) exploit, named "CISCown," to demonstrate this vulnerability. The exploit involves sending crafted commands through the web interface, enabling attackers to execute arbitrary code with root privileges on the underlying operating system of Cisco hardware. This PoC exploit is part of a toolkit developed by Nettitude and is available on GitHub. It uses parameters such as target IP, username, and password to automate the exploitation process and deploy a telnetd root shell service on compromised devices.
The release of this PoC exploit signifies a critical threat level for organizations using affected Cisco products. Gaining root access can lead to data theft, system downtime, and further network compromise. Cisco has responded by releasing software updates to address this vulnerability. It is strongly recommended that all affected organizations apply these updates immediately, as no known workaround mitigates this vulnerability.
The affected products include a range of Cisco servers and computing systems, such as the 5000 Series Enterprise Network Compute Systems (ENCS), Catalyst 8300 Series Edge uCPE, UCS C-Series M5, M6, and M7 Rack Servers in standalone mode, UCS E-Series Servers, and UCS S-Series Storage Servers. Users and administrators are advised to visit Cisco’s official security advisory page and the Nettitude GitHub repository hosting the exploitation toolkit for more detailed information and access to the updates.
📘 Unser neues Handbuch ist jetzt öffentlich! 🌐 Perfekt für Admins mit Debian/Linux-Erfahrung, um reibungslos in #UCS einzusteigen. 💻 Entwickelt, um Stolpersteine und Folgeaufwände zu umgehen. 🛠️
Hier sind einige Highlights:
✅ UCS-Konfiguration ohne Stolpersteine
✅ Richtige Befehle für Softwareverwaltung
✅ Domain-Konzept verstehen und reibungslos beitreten
"Longer #heatwaves driven by ‘turbo-charged’ climate change, say scientists - Scientists say “turbo-charged” climate change is driving the prolonged period of record temperatures currently baking much of the planet.
As the planet has heated, hotter-than-usual spells have become more intense and now last on average about 24 hours longer than 60 years ago, according to data from the National Oceanic and Atmospheric Administration. Noaa data from the 50 most populous cities in the US shows the heatwave season is 49 days longer now compared with the 1960s.
The effects of heat on health are cumulative, and the body only starts to recover when the temperature drops below 27C (80F). Even small temperature rises can result in increased deaths and illness.
“Extreme heat is killer heat, and multiple-day heatwaves – and early-season ones – are the biggest threat, because people can’t get a break and the body can only sustain it for so long,” said Brenda Ekwurzel, director of climate science for the climate and energy programme at the Union of Concerned Scientists in the US. “These are not isolated heat events; this is what the turbo-charged climate change world looks like.”
...
"Temperatures in Europe are around 10-15C hotter than usual, and the heatwave is lasting a long time, as an established high-pressure system across the region is causing temperatures to climb every day. Clouds of Saharan dust are also making conditions worse.
The sun has heated the sea, too, which is causing a feedback loop, prolonging the heatwave on land. Usually cool air blowing off the Mediterranean brings some relief.
“Unusually high sea surface temperatures are also occurring across the region, with many parts of the Mediterranean seeing surface temperatures as high as 25-28C,” said Rebekah Sherwin, a meteorologist from the Met Office’s global forecasting team. “This will exacerbate the effects of the heat over surrounding land areas, as even in coastal regions overnight temperatures are unlikely to drop much below the mid-20s Celsius.”