Indiscriminate, opportunistic targeting.
Cisco disclosed two vulnerabilities affecting Cisco StarOS Software and the Cisco BroadWorks Network Server. The former is affected by a key-based SSH authentication privilege escalation vulnerability, tracked as CVE-2023-20046 (CVSS score: 8.8), whereas the latter is affected by a TCP denial-of-service (DoS) vulnerability, tracked as CVE-2023-20125 (CVSS score: 8.6).
– Successful exploitation of CVE-2023-20046 allows an authenticated, remote threat actor to elevate privileges on an affected device due to insufficient validation of user-supplied credentials.
– Successful exploitation of CVE-2023-20125 allows an unauthenticated, remote threat actor to exhaust system resources and cause a denial of service (DoS) condition.
Cisco has released patches for these vulnerabilities for the respective product versions. As such, previous versions are vulnerable to potential exploitation.
– ASR 5000 Series Routers
– Virtualized Packet Core – Distributed Instance (VPC-DI)
– Virtualized Packet Core – Single Instance (VPC-SI)
– Cisco BroadWorks Network Server devices operating software versions 22.0, 23.0, or Release Independent (RI) with the default configuration.
Containment, Mitigations & Remediations
It is strongly recommended that users of the respective Cisco products apply the relevant software updates to address these vulnerabilities. The respective updates can be found at the Cisco Advisories for both CVE-2023-20046 and CVE-2023-20125.
It should be noted that a Proof-of-Concept (PoC) has been developed for CVE-2023-20046. However, at the time of writing, neither vulnerability has been reported to have been maliciously exploited in the wild.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available at this time.
Cisco holds a significant share of the enterprise network infrastructure market. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. Because Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities in these products in an attempt to extract the sensitive data they hold.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0004 – Privilege Escalation
Privilege Escalation Technique:
T1068 – Exploitation for Privilege Escalation
TA0040 – Impact
T1499 – Endpoint Denial of Service