Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines.
Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled for specific services.
An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
The network equipment maker, however, noted that the adversary would need to perform detailed reconnaissance to allow for unauthenticated access to vulnerable devices.
Stating that the vulnerability was discovered during internal security testing, Cisco added it found no evidence of active exploitation in malicious attacks.
On top of this, the company also remediated a number of other flaws —
CVE-2022-20648 (CVSS score: 5.3) – Cisco RCM Debug Information Disclosure Vulnerability
CVE-2022-20685 (CVSS score: 7.5) – Multiple Cisco Products Snort Modbus Denial of Service Vulnerability (credited to Uri Katz of Claroty Research)
CVE-2022-20655 (CVSS score: 8.8) – ConfD CLI Command Injection Vulnerability
Cisco explained that CVE-2022-20655 is due to an "insufficient validation of a process argument" on an affected device.
"An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges."