HomeUpdateA deadly bug in Cisco device has now been patched

A deadly bug in Cisco device has now been patched

-

Last Updated on 23/01/2022 by Nidhi Khandelwal

Cisco Systems has released patches for a significant security hole in Cisco StarOS Software’s Redundancy Configuration Manager (RCM) that could allow an unauthenticated, remote attacker to execute arbitrary code and seize control of susceptible workstations.

A deadly bug in Cisco device has now been patched 1

The vulnerability, which has been assigned the number CVE-2022-20649 (CVSS: 9.0), originates from the fact that the debug mode for specified services has been inadvertently enabled.

In a security alert, Cisco stated, “An attacker might exploit this vulnerability by connecting to the device and browsing to the service with debug mode enabled.” “If the exploit is effective, the attacker will be able to run arbitrary commands as the root user.”

The network equipment maker, however, noted that the adversary would need to perform detailed reconnaissance to allow for unauthenticated access to vulnerable devices.

Cisco said the flaw was identified during internal security testing and that no evidence of active exploitation in malicious attacks was detected.

A deadly bug in Cisco device has now been patched 2

“An attacker might exploit this vulnerability by inserting commands into this process during execution,” the report stated. “With the privileges of the management framework, a successful exploit might allow the attacker to run arbitrary commands on the underlying operating system.”

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

Data Science Drives Personalized Marketing and Customer Engagement to New Heights...

0
Personalized marketing and customer engagement are crucial for businesses to thrive in the current digital era. Because data science makes it possible for marketers...