Cisco StarOS flaws could allow remote code execution and information disclosure

Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software.

Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software.

The flaw, discovered by the company experts during internal security testing, can be exploited by unauthenticated attackers to gain remote code execution (RCE) with root-level privileges on vulnerable devices.

“A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container,” reads the advisory published by Cisco. “This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.”

The vulnerability exists due to the debug mode being incorrectly enabled for specific services.

Cisco pointed out that an attacker would need to perform detailed reconnaissance to allow for unauthenticated access, the issue could be also exploited by an authenticated attacker.

Cisco’s Product Security Incident Response Team (PSIRT) confirmed that the company is not aware of attacks in the wild exploiting this vulnerability.

Cisco also addressed an information disclosure vulnerability, tracked as CVE-2022-20648, in the Cisco RCM for Cisco StarOS. The flaw resides in a debug function for Cisco RCM for Cisco StarOS Software, an unauthenticated, remote attacker can exploit this issue to perform debug actions that could result in the disclosure of confidential information that should be restricted.

“This vulnerability exists because of a debug service that incorrectly listens to and accepts incoming connections. An attacker could exploit this vulnerability by connecting to the debug port and executing debug commands. A successful exploit could allow the attacker to view sensitive debugging information.” reads the advisory published by the IT giant.

The company addressed both flaws with the release of Cisco RCM for StarOS 21.25.4.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco StarOS)

[adrotate banner=”5″]

[adrotate banner=”13″]