Cisco Issues Patch for Critical RCE Vulnerability in StarOS Redundancy Configuration Manager

Cisco Patches Critical RCE Vulnerability in StarOS Redundancy Configuration Manager

Cisco Systems has released a fix for a critical security flaw in Redundancy Configuration Manager (RCM) for StarOS Software that could allow an unauthenticated attacker to take over compromised machines.

The issue, tracked as CVE-2022-20649 (CVSS score 9.0), stems from a configuration error in the debug mode that could allow an attacker to execute arbitrary code without requiring specific permissions.

“An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled,” Cisco said in an advisory. “A successful exploit could allow the attacker to execute arbitrary commands as the root user.”

The company noted that an attacker would need to carry out detailed reconnaissance to access the vulnerable devices.

Cisco has fixed the issue to prevent exploitation, and noted that it did not find evidence of active exploitation in the past.

The company also patched a few other flaws:

CVE-2022-20648 (CVSS score: 5.3) – Cisco RCM Debug Information Disclosure Vulnerability

CVE-2022-20685 (CVSS score: 7.5) – Multiple Cisco Products Snort Modbus Denial of Service Vulnerability

CVE-2022-20655 (CVSS score: 8.8) – ConfD CLI Command Injection Vulnerability

According to Cisco, CVE-2022-20655 stems from an “insufficient validation of a process argument” on an affected device. The company noted that an attacker could inject commands during the execution of a process to gain access to the underlying operating system’s privileges.

“An attacker could exploit this vulnerability by injecting commands during the execution of this process,”  the company said. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges.”

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Share: