Security News > 2023 > February > Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)
Cisco has released patches for a high-severity vulnerability found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can't be deleted by simply rebooting the device or updating its firmware.
"In this case, the command injection bypasses mitigations Cisco has in place to ensure vulnerabilities do not persist in a system. Side-stepping this security measure means that if an attacker exploits this vulnerability, the malicious package will keep running until the device is factory reset or until it is manually deleted," according to Trellix vulnerability researchers Sam Quinn and Kasimir Schulz.
CVE-2023-20076 was discovered by the researchers in a Cisco ISR 4431 router - more specifically, in the Cisco IOx application hosting environment, which allows administrators to deploy application containers or virtual machines directly on Cisco devices.
"This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system," Cisco explains.
"Customers who do not want to use the Cisco IOx application hosting environment can disable IOx permanently on the device using the no iox configuration command," the company noted, after confirming that the vulnerability is present only if the Cisco IOx feature is enabled.
"With the complexities of enterprise networking, many businesses outsource the configuration and network design to third-party installers. A bad actor could use CVE-2023-20076 to maliciously tamper with one of the affected Cisco devices anywhere along this supply chain. The level of access that CVE-2023-20076 provides could allow for backdoors to be installed and hidden, making the tampering entirely transparent for the end user," they explained, and advised consumers of edge devices "To closely monitor their supply chain and ensure that any third-party resellers, partners, or managed service providers have transparent security protocols."
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-12 | CVE-2023-20076 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. | 8.8 |