Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company’s StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday. Jan. 19. In its advisory, the company said that the flaw in its debug service could allow an attacker to access sensitive debugging data. Cisco StarOS Software works with Cisco ASR 5000 devices to operate virtual mobile networks for enterprises and service providers. The critical bug – tracked as CVE-2022-20649 – is in the software’s Redundancy Configuration Manager. It was given a CVSS score of 9, since it could potentially allow an attacker root access to execute commands of their choice. “This vulnerability exists because the debug mode is incorrectly enabled for specific services,” Cisco’s alert said. “An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled.” Cisco has released an update for the vulnerability, which has no workaround. Cisco’s Product Security Incident Response Team (PSIRT) said that the company isn’t aware of the vulnerability being exploited in the wild. In addition to the fix for its Cisco StarOS Software debug service, Cisco also provided the following trio of security updates for mobile network operators running both Cisco hardware and software for virtualization. Snort Modbus DOS Vuln An additional fix was issued for a denial-of-service…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2022-01-20 14:35:002022-01-20 14:35:00Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org