Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines.
"An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled," Cisco said in an advisory.
"A successful exploit could allow the attacker to execute arbitrary commands as the root user."
Stating that the vulnerability was discovered during internal security testing, Cisco added it found no evidence of active exploitation in malicious attacks.
"An attacker could exploit this vulnerability by injecting commands during the execution of this process," it said.
"A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges."
News URL
https://thehackernews.com/2022/01/cisco-issues-patch-for-critical-rce.html