Security News > 2022 > January > Cisco bug gives remote attackers root privileges via debug mode

Cisco bug gives remote attackers root privileges via debug mode
2022-01-20 13:15

Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager for Cisco StarOS Software during internal security testing.

"A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container," Cisco said.

"An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user," Cisco added.

Today, Cisco also fixed a medium severity information disclosure bug in the Cisco RCM for Cisco StarOS caused by a debug service incorrectly listening to and accepting incoming connections.

Remote attackers could exploit this second bug by executing debug commands after connecting to the debug port.

Last year, Cisco patched several other vulnerabilities that allow threat actors to execute code and commands remotely with root privileges.


News URL

https://www.bleepingcomputer.com/news/security/cisco-bug-gives-remote-attackers-root-privileges-via-debug-mode/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4409 230 3101 1852 602 5785