Saturday, April 1, 2023
Kiratas

Cisco patches multiple products – potential backdoor vulnerability

Kiratas by Kiratas
February 3, 2023
in World

Cisco has found and patched vulnerabilities in several products. A total of six products are affected. One vulnerability, in Cisco’s IOx Application Hosting Environment, has a high risk rating; the others pose a medium threat.

Cisco: Affected Products

The vulnerability in Cisco’s IOx Application Hosting Environment could allow authenticated remote attackers to execute arbitrary commands as root on the underlying operating system. The flaw is due to insufficient filtering of parameters when activating an application. Malicious actors could abuse this by distributing and activating an application with manipulated activation data (CVE-2023-20076, CVSS 7.2, risk “high”).

In the security advisory, Cisco mentions that IT researchers at Trellix discovered a vulnerability in the decompression of .tar archives, which could allow attackers with crafted archives to overwrite files as root. The Trellix analysts wrote on Twitter that they were able to inject a backdoor shell that survives device restarts. Cisco has assigned a bug ID and confirmed the vulnerability, but argues that this is a future feature, is unsupported, and is currently not active. Therefore, there is no update to correct this error yet.
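The class of check that keeps a crafted .tar archive from writing outside its extraction directory, as an added example (not Cisco's or Trellix's code; the article does not describe the exact flaw). The function names, the `/app` extraction root and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

def _escapes(root, path):
    """True if path, resolved lexically under root, lands outside root."""
    full = posixpath.normpath(posixpath.join(root, path))
    return full != root and not full.startswith(root.rstrip("/") + "/")

def audit_tar(data, root="/app"):
    """Return (member name, reason) for every entry unsafe to extract under root."""
    findings, links = [], set()
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for m in tar:
            name = m.name
            parts = name.strip("/").split("/")
            # Every directory prefix of this member, e.g. {"app", "app/data"}.
            parents = {"/".join(parts[:i]) for i in range(1, len(parts))}
            if _escapes(root, name):  # absolute path or ../ traversal
                findings.append((name, "path leaves extraction root"))
            elif parents & links:  # would be written through an earlier link
                findings.append((name, "written through an archived link"))
            elif m.issym() or m.islnk():
                # Symlink targets are relative to the link's directory,
                # hard-link targets to the archive root.
                base = posixpath.dirname(name) if m.issym() else ""
                if _escapes(root, posixpath.join(base, m.linkname)):
                    findings.append((name, "link target outside root"))
                links.add(name.strip("/"))
            elif not (m.isfile() or m.isdir()):
                findings.append((name, "special file (device/fifo)"))
    return findings

def build_sample():
    """Constructed sample archive: one benign file plus three unsafe entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, type_=tarfile.REGTYPE, link="", body=b""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.size = type_, link, len(body)
            tar.addfile(info, io.BytesIO(body))
        add("app/run.sh", body=b"#!/bin/sh\n")
        add("../../outside.txt", body=b"x")
        add("app/data", tarfile.SYMTYPE, "/outside")
        add("app/data/hosts", body=b"x")
    return buf.getvalue()
```

The audit only reads member headers, so it can run on an uploaded package before any extraction step and reject the archive when the returned list is non-empty.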

Another is a reflected cross-site scripting vulnerability (CVE-2023-20068, CVSS 6.1, medium). A server-side request forgery vulnerability in the Cisco Identity Services Engine (ISE) allowed attackers to obtain information (CVE-2023-20030, CVSS 6.0, medium). Cisco ISE also contained three privilege escalation vulnerabilities (CVE-2023-20021, CVE-2023-20022, CVE-2023-20023, CVSS 6.0, medium).

Attackers could have paralyzed the system due to a path traversal vulnerability in Cisco’s Network Services Orchestrator, which enabled a Denial of Service (DoS) (CVE-2023-20040, CVSS 5.5, medium). Finally, Cisco reports vulnerabilities in the RV340, RV340W, RV345 and RV345P Dual WAN Gigabit VPN Routers that could allow attackers to upload arbitrary files. A firewall setting should prevent this. However, since the devices have already reached their end-of-life (EoL), Cisco does not provide updated firmware (CVE-2023-20073, CVSS 5.3, medium).

Cisco lists the security advisories on its own website. In them, the manufacturer explains whether temporary countermeasures or software updates are available to correct the flaws.

Critical vulnerabilities in Cisco routers were recently discovered. Since these have already reached their EoL, there were no security updates from the manufacturer either.

(dmk)
