Home / About / Threat Intelligence / Cisco Critical Flaw That Could Lead To Root Level Access

Overview

Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers remote code execution (RCE) on the application with root-level privileges.

Impact

The flaw could potentially allow an attacker to access sensitive debugging data. The critical bug – tracked as CVE-2022-20649 – is in the software’s Redundancy Configuration Manager. It could potentially allow an attacker root access to execute commands of their choice. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled.

Products Affected

Cybervision Software, Firepower Threat Defense (FTD)

Containment, Mitigations & Remediation

Cisco has released an update for the vulnerability. Cisco also provided security updates for mobile network operators running both Cisco hardware and software for virtualisation. Be sure to update your software.

Indicators of Compromise

This vulnerability exists because the debug mode is incorrectly enabled for specific services.

Threat Landscape

Cisco StarOS Software works with Cisco ASR 5000 devices to operate virtual mobile networks for enterprises and service providers.

Network operators running Cisco products for mobile internet, network management and provisioning, optical networking, enterprise, service provider routing and switching are likely vulnerable to a command injection vulnerability caused by a faulty application of the Command Line Interface (CLI).

An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges. Companies should take note of this and stay vigilant.

Mitre Methodologies

[T1083] File and Directory Discovery
[T1203] Exploitation for Client Execution
[TA0004] Privilege Escalation
[T1574] Hijack Execution Flow

Further Information

Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco Releases Security Updates for Multiple Products