Cisco Systems has released a fix for a critical security flaw in Redundancy Configuration Manager (RCM) for StarOS Software that could allow an unauthenticated attacker to take over affected machines.
The issue, tracked as CVE-2022-20649 (CVSS score 9.0), stems from a configuration error in debug mode that could allow an attacker to execute arbitrary code without requiring specific permissions.
“An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled,” Cisco said in an advisory. “A successful exploit could allow the attacker to execute arbitrary commands as the root user.”
The company noted that an attacker would need to carry out detailed reconnaissance to access the vulnerable devices.
Cisco has fixed the issue and noted that it has found no evidence of active exploitation.
The company also patched a few other flaws:
CVE-2022-20648 (CVSS score: 5.3) – Cisco RCM Debug Information Disclosure Vulnerability
CVE-2022-20685 (CVSS score: 7.5) – Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
CVE-2022-20655 (CVSS score: 8.8) – ConfD CLI Command Injection Vulnerability
According to Cisco, CVE-2022-20655 stems from “insufficient validation of a process argument” on an affected device. The company noted that an attacker could inject commands during the execution of a process and have them run on the underlying operating system.
“An attacker could exploit this vulnerability by injecting commands during the execution of this process,” the company said. “A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges.”