Patch issued after testing engineers uncover RCE threat
Cisco has patched a pair of vulnerabilities in its telco-focused Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS software, including a critical flaw that presented a remote code execution risk.
Cisco StarOS is used in the provision of virtual mobile networks for large corporations and telecommunication service providers.
As its name suggests, RCM is a management technology that handles the failover between different virtualized systems involved in provisioning, billing, and other telecom services.
Multiple systems are run in parallel in order to offer reliability to mobile network systems.
In a security update released on Wednesday (January 19), the networking giant said the vulnerability it has resolved could allow an “unauthenticated, remote attacker to disclose sensitive information or execute arbitrary commands as the root user in the context of the configured container”.
The CVE-2022-20649 vulnerability stems from a failure to disable the debug mode that’s there to help out during the product development process.
“This vulnerability exists because the debug mode is incorrectly enabled for specific services,” Cisco explains. “An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled.”
According to Cisco, the vulnerability only lends itself to exploitation by an authenticated attacker and would require reconnaissance – difficulties that mean what would otherwise be classified as a maximum severity flaw earns a CVSS rating of 9.0.
Data leak risk
Another software update released by Cisco this week tackles a related but less severe vulnerability in RCM.
This security issue – tracked as CVE-2022-20648 – involves an information disclosure risk and arises “because of a debug service that incorrectly listens to and accepts incoming connections”.
There are no workarounds to protect against attack in either case, and users are advised to apply Cisco’s software updates at their earliest convenience.
Both vulnerabilities were discovered by Cisco engineers during internal security testing.
A complete list of recent Cisco security advisories can be found in the company’s online security center.