
A deadly bug in Cisco devices has now been patched


Last Updated on 23/01/2022 by Nidhi Khandelwal

Cisco Systems has released patches for a significant security hole in Cisco StarOS Software’s Redundancy Configuration Manager (RCM) that could allow an unauthenticated, remote attacker to execute arbitrary code and seize control of susceptible workstations.


The vulnerability, tracked as CVE-2022-20649 (CVSS score: 9.0), stems from debug mode having been inadvertently enabled for specific services.

In a security alert, Cisco stated, “An attacker might exploit this vulnerability by connecting to the device and browsing to the service with debug mode enabled.” “If the exploit is effective, the attacker will be able to run arbitrary commands as the root user.”

The network equipment maker, however, noted that the adversary would need to perform detailed reconnaissance to allow for unauthenticated access to vulnerable devices.

Cisco said the flaw was identified during internal security testing and that no evidence of active exploitation in malicious attacks was detected.


“An attacker might exploit this vulnerability by inserting commands into this process during execution,” the report stated. “With the privileges of the management framework, a successful exploit might allow the attacker to run arbitrary commands on the underlying operating system.”

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.