Cisco bug gives remote attackers root privileges via debug mode

Jan 21, 2022 | News

 

Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software during internal security testing.

 

 

The vulnerability, tracked as CVE-2022-20649, enables unauthenticated attackers to gain remote code execution (RCE) with root-level privileges on devices running the vulnerable software.

“A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container,” Cisco said.

As the company further explains, the vulnerability exists due to the debug mode being incorrectly enabled for specific services.

“An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user,” Cisco added.

However, to gain unauthenticated access to devices running unpatched software, attackers would first need to perform detailed reconnaissance to discover the vulnerable services.

 
 
 


 

 

No in-the-wild exploitation

 

Cisco’s Product Security Incident Response Team (PSIRT) said that the company is not aware of exploitation of this vulnerability in ongoing attacks.

Today, Cisco also fixed a medium-severity information disclosure bug (CVE-2022-20648) in the Cisco RCM for Cisco StarOS, caused by a debug service incorrectly listening for and accepting incoming connections.

Remote attackers could exploit this second bug by executing debug commands after connecting to the debug port. Successful exploitation could allow them to access sensitive debugging information on the vulnerable device.

 
 

 

 
 

The company has released Cisco RCM for StarOS 21.25.4, which comes with security updates to address these flaws and is available through the Software Center on Cisco.com.

Last year, Cisco patched several other vulnerabilities that allow threat actors to execute code and commands remotely with root privileges.

For instance, in May it addressed a critical pre-authentication RCE flaw impacting SD-WAN vManage that could enable threat actors to get root privileges on the underlying OS. Another pre-auth bug in the same software, allowing attackers to gain RCE as root, was fixed in April.

 

 

 


 

Source: bleepingcomputer.com

 
