Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

Cisco Systems has rolled out fixes for a critical security flaw
affecting Redundancy Configuration Manager (RCM) for Cisco StarOS
Software that could be weaponized by an unauthenticated, remote
attacker to execute arbitrary code and take over vulnerable
machines.

Tracked as CVE-2022-20649[1]
(CVSS score: 9.0), the vulnerability stems from the fact that the
debug mode has been incorrectly enabled for specific services.

“An attacker could exploit this vulnerability by connecting to
the device and navigating to the service with debug mode enabled,”
Cisco said in an advisory. “A successful exploit could allow the
attacker to execute arbitrary commands as the root user.”

The network equipment maker, however, noted that the adversary
would need to perform detailed reconnaissance to allow for
unauthenticated access to vulnerable devices.

Stating that the vulnerability was discovered during internal
security testing, Cisco added it found no evidence of active
exploitation in malicious attacks.

On top of this, the company also remediated a number of other
flaws —

  • CVE-2022-20648[2]
    (CVSS score: 5.3) – Cisco RCM Debug Information Disclosure
    Vulnerability
  • CVE-2022-20685[3]
    (CVSS score: 7.5) – Multiple Cisco Products Snort Modbus Denial of
    Service Vulnerability
  • CVE-2022-20655[4]
    (CVSS score: 8.8) – ConfD CLI Command Injection Vulnerability

Cisco explained that CVE-2022-20655 is due to an “insufficient
validation of a process argument” on an affected device.

“An attacker could exploit this vulnerability by injecting
commands during the execution of this process,” it said[5]. “A successful exploit
could allow the attacker to execute arbitrary commands on the
underlying operating system with the privileges of the management
framework process, which are commonly root privileges.”

References

  1. CVE-2022-20649 (tools.cisco.com)
  2. CVE-2022-20648 (tools.cisco.com)
  3. CVE-2022-20685 (tools.cisco.com)
  4. CVE-2022-20655 (tools.cisco.com)
  5. said (tools.cisco.com)
