Cisco has found and patched vulnerabilities in several products. A total of six products are affected. In Cisco’s IOx Application Hosting Environment, one leak has a high risk rating and the others pose a medium threat.
Cisco: Affected Products
The vulnerability in Cisco’s IOx Application Hosting Environment could allow authenticated attackers from the network to execute arbitrary commands as root in the underlying operating system. The error is due to insufficient filtering of parameters when activating an application. Malicious actors could abuse this by distributing and activating an application with manipulated activation data (CVE-2023-20076, CVSS 7.2Risk “hoch“).
In the security advisory, Cisco mentions that IT researchers at Trellix discovered a vulnerability in the decompression of .tar archives, which could allow attackers with crafted archives to overwrite files as root. The Trellix analysts wrote on Twitter that they were able to inject a backdoor shell that survives device restarts. Cisco has assigned a bug ID and confirmed the vulnerability, but argues that this is a future feature, is unsupported, and is currently not active. Therefore, there is no update for this error.
A reflected cross-site scripting vulnerability (CVE-2023-20068, CVSS 6.1, medium). A server-side request forgery vulnerability in the Cisco Identity Services Engine (ISE) allowed attackers to sniff out information (CVE-2023-20030, CVSS 6.0, medium). Cisco ISE also contained three privilege escalation vulnerabilities (CVE-2023-20021, CVE-2023-20022, CVE-2023-20023, CVSS 6.0, medium)
A path traversal vulnerability in Cisco’s Network Services Orchestrator could have been used by attackers to cripple the system, enabling a Denial of Service (DoS) (CVE-2023-20040, CVSS 5.5, medium). Finally, Cisco reports vulnerabilities in Cisco’s RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers that could allow attackers to upload arbitrary files. A firewall setting should be able to prevent this, but since the devices have already reached their end-of-life (EoL), Cisco does not provide updated firmware (CVE-2023-20073, CVSS 5.3, medium).
Cisco lists the security warnings on its own website. In it, the manufacturer explains whether temporary countermeasures or software updates are available to correct the errors.
Critical vulnerabilities in Cisco routers were recently discovered. Since these have already reached their EoL, there were no security updates from the manufacturer either.
To home page
Leave a Reply