Skip to content

Defense Digests

Cisco StarOS Software Vulnerability

Dataprise Defense Digest 550x550

Table of content

EXECUTIVE SUMMARY:

Cisco has identified two new vulnerabilities affecting the Redundancy Configuration Manager for StarOS Software. These vulnerabilities were discovered by Cisco internal testing and allow an unauthenticated remote attacker to gain root level privileges. With this elevated privilege, remote code execution against the Cisco Redundancy Configuration Manager for StarOS is possible.

 

ID: D3-2022-0001-1

Severity: 9.0 (CRITICAL)


IMPACT

“An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.” (Cisco Press Release) This indicates that with the combination of open and listening ports, improperly configured debug modes by default, and some working knowledge of the vulnerable system, malicious actors could compromise systems easily. No authentication is required.

As of this report’s writing, there are not any documented cases of exploitation in the wild of either CVE.

DETAILED ANALYSIS

Combined with the information disclosure bug referenced below, the debug service would be listening and accepting incoming connections. These incoming connections could then execute commands via the debug port. Due to improperly configured debug mode on other services, an attacker could access functions and application containers as root administrator.

DISCLOSED VULNERABILITIES

  • Cisco Redundancy Configuration Manager for Cisco StarOS Software (Critical CVSS 9.0)
    • CVE-2022-20648
    • CVE-2022-20649

MITIGATION STEPS

To download the software from the Software Center on Cisco.com, do the following:

  1. Click Browse all.
  2. Choose Wireless > Mobile Internet > Platforms > Ultra Packet Core > Ultra Software.
  3. Choose a release from the left pane.
Cisco RCM for StarOS Release First Fixed Release
Earlier than 21.25 Migrate to a fixed release.
21.25 21.25.4

SOURCES

CONTRIBUTING AUTHORS

  • Stephen Jones, Vice President, Cybersecurity Services
  • Sam Bourgeois, vCISO
  • Maximo Bredfeldt, vCISO

View all Dataprise Defense Digests here.

Recent Tweets

INSIGHTS

Learn about the latest threats and vulnerabilities with our D3 alerts.

Subscribe to get real-time notifications when a new Dataprise Defense Digest is published.