Cisco IOx Vulnerability Exploited in Command Injection Attacks

Feb 3, 2023 | News


Cisco security updates

Cisco has recently released security updates to address a vulnerability in its Cisco IOx application hosting environment that could be exploited in command injection attacks.
The vulnerability (CVE-2023-20076) was found and reported by researchers from the Trellix Advanced Research Center, and results from the incomplete sanitization of parameters passed during the app activation process.
If exploited in low-complexity attacks, a remote, authenticated threat actor could execute commands with root privileges on the underlying operating system. This flaw affects Cisco devices running IOS XE software, but only if they do not support native Docker.


Devices impacted by the vulnerability

The impacted devices include 800 Series Industrial ISR routers, CGR1000 compute modules, IC3000 industrial compute gateways, IR510 WPAN industrial routers, and Cisco Catalyst access points.
However, this vulnerability does not affect Catalyst 9000 Series switches, IOS XR and NX-OS software, or Meraki products.

Vulnerability exploit details

The vulnerability can only be exploited if the attacker already has authenticated administrative access to the vulnerable system, which can be obtained through methods such as default login credentials, phishing, or social engineering. Once administrative access has been obtained, the attacker can exploit the vulnerability to gain unrestricted access and to make malicious code persist across reboots and firmware upgrades.

This is possible because the command injection allows bypassing the mitigations Cisco put in place to prevent persistence between system reboots or system resets. While the Cisco Product Security Incident Response Team (PSIRT) has not found evidence of the vulnerability being exploited in the wild, it is crucial for users to update their systems to address this security flaw.

In January, Cisco also warned customers of a critical authentication bypass vulnerability (CVE-2023-20025) that had public exploit code affecting multiple models of end-of-life VPN routers, and one week later, Censys found over 20,000 unpatched Cisco routers exposed to attacks.


Source: bleepingcomputer.com
