Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software had multiple vulnerabilities which could allow an unauthenticated attacker to execute arbitrary commands or disclose sensitive information with “root” privileges. These vulnerabilities were found during Internal Security Testing. It seems that there was no workaround for these vulnerabilities. Cisco’s PSIRT claims that no public announcement has been made on malicious use of this vulnerability.
As Cisco states,” These Vulnerabilities affect Cisco RCM for Cisco StarOS Software”. Cisco has also released the Fixed software section and list of Products that are Vulnerable.
Cisco has released software updates to fix the issues. It has advised its customers to upgrade to appropriate fixed software releases.
| Cisco RCM for StarOS Release | First Fixed Release |
| Earlier than 21.25 | Migrate to a fixed release. |
| 21.25 | 21.25.4 |
On investigating further, Cisco found that the vulnerabilities are not dependent on one another. In other words, exploitation of one vulnerability will not affect the other.
Cisco RCM for Cisco StarOS Software allows an attacker to execute arbitrary commands with root privileges within the configured container. This Vulnerability was due to incorrectly enabled debug mode. When debug mode is enabled, an attacker can connect to the device navigate to the service and exploit it.
Bug ID(s): CSCvy80878
CVE IDs: CVE-2022-20649
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.0
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Cisco RCM for Cisco StarOS Software can use the debug function to perform actions that could result in Sensitive Information Disclosure which must be restricted. This Vulnerability was due to a debug service that incorrectly listens and accepts incoming connections. An attacker with a successful exploit can connect to the debug port to execute debug commands to view sensitive debugging information.
Bug ID(s): CSCvy80857
CVE IDs: CVE-2022-20648
Security Impact Rating (SIR): Medium
CVSS Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Cisco has released software patches to fix these vulnerabilities. As previously stated, there are no workaround for these vulnerabilities.
Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series…
Kaspersky Lab has uncovered a new version of the Triada Trojan, a sophisticated malware targeting…
A recent cyberattack campaign leveraging the DarkCloud stealer has been identified, targeting Spanish companies and…
Researchers from Bishop Fox have successfully exploited CVE-2024-53704, an authentication bypass vulnerability that affects SonicWall firewalls.…
Seashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated…
EvilCorp, a sanctioned Russia-based cybercriminal enterprise, has been observed collaborating with RansomHub, one of the…
.webp?w=1600&resize=1600,900&ssl=1)
.webp?w=1600&resize=1600,900&ssl=1)
.webp?w=1600&resize=1600,900&ssl=1)