Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software
2022-01-21 22:28

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines.

"An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled," Cisco said in an advisory.

"A successful exploit could allow the attacker to execute arbitrary commands as the root user."

Stating that the vulnerability was discovered during internal security testing, Cisco added it found no evidence of active exploitation in malicious attacks.

"An attacker could exploit this vulnerability by injecting commands during the execution of this process," it said.

"A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges."


News URL

https://thehackernews.com/2022/01/cisco-issues-patch-for-critical-rce.html

Related vendor

| VENDOR | LAST 12M #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
| --- | --- | --- | --- | --- | --- | --- |
| Cisco | 2046 | 21 | 1773 | 1669 | 288 | 3751 |