Cisco bug allows remote users to gain root privileges through debug mode.

Cisco has announced that it has fixed a critical security flaw found in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS software.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq

Multiple vulnerabilities in the Cisco Redundancy Configuration Manager (RCM) in Cisco StarOS software could allow an unauthenticated, remote attacker to disclose sensitive information or execute arbitrary commands as the root user in the context of a configured container.

The critical vulnerability, tracked as CVE-2022-20649, allows an unauthenticated attacker to achieve remote code execution (RCE) with root-level privileges on a device running vulnerable software.

The company explains that this vulnerability is due to debug mode being accidentally enabled on certain services.

An attacker can exploit this vulnerability by connecting to the device and accessing the service with debug mode enabled.

However, to gain unauthenticated access to a device running unpatched software, an attacker must first perform detailed reconnaissance to discover vulnerable services.

No exploitation in the wild

According to Cisco’s Product Security Incident Response Team (PSIRT), there have been no ongoing attacks exploiting this vulnerability.

Cisco has also fixed a medium-severity information disclosure bug (CVE-2022-20648) in Cisco RCM for Cisco StarOS, which is caused by the debug service incorrectly accepting incoming connections.

A remote attacker can exploit this second bug by executing debug commands after connecting to the debug port. Successful exploitation of this bug could result in access to sensitive debug information on the vulnerable device.

The company has released Cisco RCM for StarOS 21.25.4, which provides security updates to address these defects and is available from the Software Center at Cisco.com.

Cisco patched several other vulnerabilities last year that could allow an attacker to remotely execute code or commands with root privileges.

For example, in May Cisco addressed a serious pre-authentication RCE flaw that affected SD-WAN vManage.

This flaw allows a threat actor to gain root privileges on the underlying OS.

In April, Cisco also fixed another pre-authentication bug in the same software that allowed attackers to gain RCE with root privileges.
