Cisco bug gives remote attackers root privileges via debug mode
Reading Time: 1 Minute
Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing.
The vulnerability, tracked as CVE-2022-20649, enables unauthenticated attackers to gain remote code execution (RCE) with root-level privileges on devices running the vulnerable software.
“A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container,” Cisco said.
As the company further explains, the vulnerability exists due to the debug mode being incorrectly enabled for specific services.
“An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user,” Cisco added.
However, for unauthenticated access to devices running unpatched software, the attackers would first need to perform detailed reconnaissance to discover the vulnerable services.
No in-the-wild exploitation
Cisco’s Product Security Incident Response Team (PSIRT) said that the company is not aware of exploitation of this vulnerability in ongoing attacks.
Today, Cisco also fixed a medium severity information disclosure bug (CVE-2022-20648) in the Cisco RCM for Cisco StarOS caused by a debug service incorrectly listening to and accepting incoming connections.
Remote attackers could exploit this second bug by executing debug commands after connecting to the debug port. Successful exploitation could allow them to access sensitive debugging information on the vulnerable device.
The company has released Cisco RCM for StarOS 21.25.4, which comes with security updates to address these flaws and is available through the Software Center on Cisco.com.
Last year, Cisco patched several other vulnerabilities that allow threat actors to execute code and commands remotely with root privileges.
For instance, it addressed critical pre-authentication RCE flaw impacting SD-WAN vManage that could enable threat actors to get root privileges on the underlying OS in May. Another pre-auth bug in the same software, allowing attackers to gain RCE as root, was fixed in April.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
See Also: OSINT Tool: Commit Stream
See Also: Hacking stories – Rafael Núñez (aka RaFa), hacking NASA with the hacking group: World of Hell
Source: bleepingcomputer.com
(Click Link)
Recent News
New Zergeca Botnet: A Powerful New Threat that Employs Advanced Evasion Tactics and DDoS Attacks
Twilio API Vulnerability: Threat Actors Access Millions of MFA User Numbers
New Malware Loader FakeBat Targets Users with SEO Poisoning and Fake Updates
New OpenSSH Vulnerability “regreSSHion” Enables Root Privileges on Linux Systems
Critical Vulnerability in D-Link DIR-859 WiFi Routers Being Actively Exploited
TeamViewer Corporate Environment Breached by APT Group
Critical Authentication Bypass Flaw in MOVEit Transfer Under Active Exploitation
JavaScript Supply Chain Attack: Polyfill.io Redirects Users to Scam Sites After Chinese Acquisition
‘GrimResource’ Technique Exploits Windows XSS Flaw for Command Execution via MSC Files
Kraken Unveils $3 Million Crypto Heist by Exploiting Zero-Day Flaw