Monday, October 7, 2024
HomeCiscoCisco StarOS Flaw Let Attackers Gain Remote Code Execution on Vulnerable Device

Cisco StarOS Flaw Let Attackers Gain Remote Code Execution on Vulnerable Device

Published on

Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software had multiple vulnerabilities which could allow an unauthenticated attacker to execute arbitrary commands or disclose sensitive information with “root” privileges. These vulnerabilities were found during Internal Security Testing. It seems that there was no workaround for these vulnerabilities. Cisco’s PSIRT claims that no public announcement has been made on malicious use of this vulnerability.

Products Affected

As Cisco states,” These Vulnerabilities affect Cisco RCM for Cisco StarOS Software”. Cisco has also released the Fixed software section and list of Products that are Vulnerable.

Fixed Releases

Cisco has released software updates to fix the issues. It has advised its customers to upgrade to appropriate fixed software releases.

- Advertisement - EHA
Cisco RCM for StarOS ReleaseFirst Fixed Release 
Earlier than 21.25Migrate to a fixed release.
21.2521.25.4

Details of the Vulnerabilities

On investigating further, Cisco found that the vulnerabilities are not dependent on one another. In other words, exploitation of one vulnerability will not affect the other.

CVE-2022-20649: Cisco RCM Debug Remote Code Execution Vulnerability

Cisco RCM for Cisco StarOS Software allows an attacker to execute arbitrary commands with root privileges within the configured container. This Vulnerability was due to incorrectly enabled debug mode. When debug mode is enabled, an attacker can connect to the device navigate to the service and exploit it.

Bug ID(s): CSCvy80878

CVE IDs: CVE-2022-20649

Security Impact Rating (SIR): Critical

CVSS Base Score: 9.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2022-20648: Cisco RCM Debug Information Disclosure Vulnerability

Cisco RCM for Cisco StarOS Software can use the debug function to perform actions that could result in Sensitive Information Disclosure which must be restricted. This Vulnerability was due to a debug service that incorrectly listens and accepts incoming connections. An attacker with a successful exploit can connect to the debug port to execute debug commands to view sensitive debugging information.

Bug ID(s): CSCvy80857

CVE IDs: CVE-2022-20648

Security Impact Rating (SIR): Medium

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Cisco has released software patches to fix these vulnerabilities. As previously stated, there are no workaround for these vulnerabilities.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems

A critical vulnerability has been discovered in Cisco's Nexus Dashboard Fabric Controller (NDFC), potentially...

CISA Warns of Cisco Smart Install Feature Actively Exploited by Hackers

The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms over malicious cyber actors'...

Critical Cisco Small Business IP Phone Flaws Exposes Users to Remote Attacks

Cisco has issued a security advisory warning users of its Small Business SPA300 and...