Unauthenticated Remote Code Execution Vulnerability in Cisco RCM for StarOS
CVE-2022-20649

8.1 HIGH

Key Information:

Vendor: Cisco

CVE Published: 15 November 2024

What is CVE-2022-20649?

This vulnerability in Cisco RCM for Cisco StarOS Software allows remote code execution because debug mode is enabled for certain services. An attacker can exploit it by connecting to the device and targeting a service that has debug mode active. A successful exploit lets the attacker execute arbitrary commands with root privileges, potentially compromising the system's security. While unauthenticated attackers may perform detailed reconnaissance to gain access, authenticated users can also exploit this vulnerability. Cisco has released software updates that resolve this issue, and no workarounds are available.

Affected Version(s)

Cisco Redundancy Configuration Manager 2021.02.0

Cisco Redundancy Configuration Manager 2021.01.0

Cisco Redundancy Configuration Manager 21.19.n13

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
