Unauthenticated Remote Code Execution Vulnerability in Cisco RCM for StarOS
CVE-2022-20649

8.1 HIGH

Key Information:

Vendor
Cisco
CVE Published:
15 November 2024

Summary

A vulnerability in Cisco RCM for Cisco StarOS Software allows remote code execution because debug mode is enabled for certain services. An attacker can exploit this weakness by connecting to the device and targeting the service with debug mode active. A successful exploit lets the attacker execute arbitrary commands with root privileges, potentially compromising the system's security. An unauthenticated attacker would need to perform detailed reconnaissance to gain access; authenticated users can also exploit this vulnerability. Cisco has released software updates that resolve this issue, and no workarounds are available.

Affected Version(s)

Cisco Redundancy Configuration Manager 2021.02.0

Cisco Redundancy Configuration Manager 2021.01.0

Cisco Redundancy Configuration Manager 21.19.n13

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
