Get in Touch
Cisco releases patches for two critical vulnerabilities
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Cisco disclosed patches for two critical vulnerabilities, tracked as CVE-2023-20036 (CVSSv3 score: 9.9) and CVE-2023-20154 (CVSSv3 score: 9.1). The former pertains to a command injection flaw in the Cisco Industrial Network Director and has emerged as a result of an improper input validation when uploading a Device Pack, whereas the latter relates to the external authentication mechanism of the Modeling Labs network simulation platform.
Impact
Successful exploitation of CVE-2023-20036 could allow a threat actor to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device.
Successful exploitation of CVE-2023-20154 could grant an unauthenticated, remote threat actor with access to the web interface with administrative privileges.
Vulnerability Detection
Cisco has released patches for the vulnerabilities. As such, previous versions are vulnerable to potential exploit.
Affected Products
CVE-2023-20036: Cisco IND
CVE-2023-20154: This vulnerability affects the following Cisco products if they are configured with LDAP authentication: Modeling Labs for Education, Modeling Labs Enterprise and Modeling Labs – Not For Resale
Containment, Mitigations & Remediations
CVE-2023-20036: It is strongly recommended that users of the associated product apply the patches that have been made available in version 1.11.3.
CVE-2023-20154: It is strongly recommended that users of the associated product apply the patches that have been made available in version 2.5.1. It should be noted that a workaround also exists with regards to CVE-2023-20154.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available at this time.
Threat Landscape
Cisco has a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. Due to the fact that Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Tactic:
TA0002 – Execution
Tactic:
TA0004 – Privilege Escalation