Thursday, January 30, 2025
Follow us On Linkedin
HomeCiscoCisco StarOS Flaw Let Attackers Gain Remote Code Execution on Vulnerable Device

Cisco StarOS Flaw Let Attackers Gain Remote Code Execution on Vulnerable Device

Cisco

Published on

By Balaji
Cisco StarOS Flaw Let Attackers Gain Remote Code Execution on Vulnerable Device

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software had multiple vulnerabilities which could allow an unauthenticated attacker to execute arbitrary commands or disclose sensitive information with “root” privileges. These vulnerabilities were found during Internal Security Testing. It seems that there was no workaround for these vulnerabilities. Cisco’s PSIRT claims that no public announcement has been made on malicious use of this vulnerability.

Products Affected

As Cisco states,” These Vulnerabilities affect Cisco RCM for Cisco StarOS Software”. Cisco has also released the Fixed software section and list of Products that are Vulnerable.

Fixed Releases

Cisco has released software updates to fix the issues. It has advised its customers to upgrade to appropriate fixed software releases.

Cisco RCM for StarOS ReleaseFirst Fixed Release 
Earlier than 21.25Migrate to a fixed release.
21.2521.25.4

Details of the Vulnerabilities

On investigating further, Cisco found that the vulnerabilities are not dependent on one another. In other words, exploitation of one vulnerability will not affect the other.

CVE-2022-20649: Cisco RCM Debug Remote Code Execution Vulnerability

Cisco RCM for Cisco StarOS Software allows an attacker to execute arbitrary commands with root privileges within the configured container. This Vulnerability was due to incorrectly enabled debug mode. When debug mode is enabled, an attacker can connect to the device navigate to the service and exploit it.

Bug ID(s): CSCvy80878

CVE IDs: CVE-2022-20649

Security Impact Rating (SIR): Critical

CVSS Base Score: 9.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2022-20648: Cisco RCM Debug Information Disclosure Vulnerability

Cisco RCM for Cisco StarOS Software can use the debug function to perform actions that could result in Sensitive Information Disclosure which must be restricted. This Vulnerability was due to a debug service that incorrectly listens and accepts incoming connections. An attacker with a successful exploit can connect to the debug port to execute debug commands to view sensitive debugging information.

Bug ID(s): CSCvy80857

CVE IDs: CVE-2022-20648

Security Impact Rating (SIR): Medium

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Cisco has released software patches to fix these vulnerabilities. As previously stated, there are no workaround for these vulnerabilities.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Browser

New RDP Exploit Allows Attackers to Take Over Windows and Browser Sessions

Cybersecurity experts have uncovered a new exploit leveraging the widely used Remote Desktop Protocol...
Cyber Security News

New SMS-Based Phishing Tool ‘DevilTraff’ Enables Mass Cyber Attacks

Cybersecurity experts are sounding the alarm about a new SMS-based phishing tool, Devil-Traff, that...
Cyber Security News

DeepSeek Database Publicly Exposed Sensitive Information, Secret Keys & Logs

Experts at Wiz Research have identified a publicly exposed ClickHouse database belonging to DeepSeek,...
Cyber Security News

OPNsense 25.1 Released, What’s New!

The highly anticipated release of OPNsense 25.1 has officially arrived! Nicknamed "Ultimate Unicorn," this...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

Cisco

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...
Cisco

Cisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code

Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware,...
Cisco

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved