Cisco bug gives remote attackers root privileges via debug mode
2022-01-20 13:15

Cisco has fixed a critical security flaw discovered in the Cisco Redundancy Configuration Manager for Cisco StarOS Software during internal security testing.

"A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container," Cisco said.

"An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user," Cisco added.

Today, Cisco also fixed a medium severity information disclosure bug in the Cisco RCM for Cisco StarOS caused by a debug service incorrectly listening to and accepting incoming connections.

Remote attackers could exploit this second bug by executing debug commands after connecting to the debug port.

Last year, Cisco patched several other vulnerabilities that allowed threat actors to execute code and commands remotely with root privileges.


News URL

https://www.bleepingcomputer.com/news/security/cisco-bug-gives-remote-attackers-root-privileges-via-debug-mode/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4429 231 3030 1806 600 5667