Pierluigi Paganini
April 21, 2023
Cisco released security updates to address critical security vulnerabilities in the Industrial Network Director and Modeling Labs solutions.
An attacker can exploit these vulnerabilities to inject arbitrary operating system commands or access sensitive data.
One of the issues tracked as CVE-2023-20036 (CVSS score: 9.9) resides in the web UI of the Cisco Industrial Network Director. An attacker can exploit the flaw to execute arbitrary commands with administrative privileges on the underlying operating system.
“A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device.” reads the advisory. “This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device.”
Cisco also addressed a file permissions vulnerability, tracked as CVE-2023-20039 (CVSS score: 5.5), that can allow an authenticated, local attacker to read application data.
“This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information.” reads the advisory published by the company.
The IT giant addressed the flaws with the release of version 1.11.3, the company pointed out that there are no workarounds that address these issues.
The two flaws were reported to the company by an unnamed “external” researcher.
Cisco addressed a critical vulnerability, tracked as CVE-2023-20154 (CVSS score: 9.1), in the external authentication mechanism. An unauthenticated, remote attacker can trigger the issue to access the web interface with administrative privileges.
“This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the attacker would be logged in as an administrator.” reads the advisory published by the company. “A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server.”
Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISCO)
