Critical Cisco StarOS Bug Grants Root Access via Debug Mode

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company’s StarOS debug services.

Cisco pushed out a fix for its Cisco StarOS Software on Wednesday, Jan. 19. In its advisory, the company said that the flaw in its debug service could allow an attacker to access sensitive debugging data. Cisco StarOS Software works with Cisco ASR 5000 devices to operate virtual mobile networks for enterprises and service providers.

The critical bug – tracked as CVE-2022-20649 – is in the software’s Redundancy Configuration Manager. It was given a CVSS score of 9, since it could potentially allow an attacker root access to execute commands of their choice.

“This vulnerability exists because the debug mode is incorrectly enabled for specific services,” Cisco’s alert said. “An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled.”

Cisco has released an update for the vulnerability, which has no workaround. Cisco’s Product Security Incident Response Team (PSIRT) said that the company isn’t aware of the vulnerability being exploited in the wild.

In addition to the fix for its Cisco StarOS Software debug service, Cisco also provided the following trio of security updates for mobile network operators running both Cisco hardware and software for virtualization.

Snort Modbus DOS Vuln

An additional fix was issued for a denial-of-service…
