Jailbreaking a Cisco appliance to run DOOM
Cisco appliances that are based on a preconfigured version of one of the Cisco UCS C-Series Servers that are in the preceding list are also affected by this vulnerability if they expose access to the Cisco IMC UI. At the time of publication, this included the following Cisco products:
Application Policy Infrastructure Controller (APIC) Servers
Business Edition 6000 and 7000 Appliances
Catalyst Center Appliances, formerly DNA Center
Cloud Services Platform (CSP) 5000 Series
Common Services Platform Collector (CSPC) Appliances
Connected Mobile Experiences (CMX) Appliances
Connected Safety and Security UCS Platform Series Servers
Cyber Vision Center Appliances
Expressway Series Appliances
HyperFlex Edge Nodes
HyperFlex Nodes in HyperFlex Datacenter without Fabric Interconnect (DC-NO-FI) deployment mode
IEC6400 Edge Compute Appliances
IOS XRv 9000 Appliances
Meeting Server 1000 Appliances
Nexus Dashboard Appliances
Prime Infrastructure Appliances
Prime Network Registrar Jumpstart Appliances
Secure Email Gateways1
Secure Email and Web Manager1
Secure Endpoint Private Cloud Appliances
Secure Firewall Management Center Appliances, formerly Firepower Management Center
Secure Malware Analytics Appliances
Secure Network Analytics Appliances
Secure Network Server Appliances
Secure Web Appliances1
Secure Workload Servers
Telemetry Broker Appliances
https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb