Cisco has addressed a critical RCE vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software.
The flaw, discovered during internal security testing, can be exploited by unauthenticated attackers to gain remote code execution (RCE) with root-level privileges on vulnerable devices.
This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Cisco pointed out that an attacker would need to perform detailed reconnaissance to allow for unauthenticated access; the issue could also be exploited by an authenticated attacker. Cisco’s PSIRT confirmed that it is not aware of attacks in the wild exploiting this vulnerability.
Cisco also addressed an information disclosure vulnerability, tracked as CVE-2022-20648, in the Cisco RCM for Cisco StarOS. The flaw resides in a debug function for Cisco RCM for Cisco StarOS Software. An unauthenticated, remote attacker can exploit this issue to perform debug actions that could result in the disclosure of confidential information that should be restricted.
This vulnerability exists because of a debug service that incorrectly listens to and accepts incoming connections. An attacker could exploit this vulnerability by connecting to the debug port and executing debug commands. A successful exploit could allow the attacker to view sensitive debugging information.
The company addressed both flaws with the release of Cisco RCM for StarOS 21.25.4.