Critical Cisco StarOS Bug Grants Root Access via Debug Mode

Cisco issued a critical fix for a flaw in its Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could give attackers remote code execution (RCE) on the application with root-level privileges.

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company’s StarOS debug services.

Cisco pushed out a fix for its Cisco StarOS Software on Wednesday, Jan. 19. In its advisory, the company said that the flaw in its debug service could allow an attacker to access sensitive debugging data.

Cisco StarOS Software works with Cisco ASR 5000 devices to operate virtual mobile networks for enterprises and service providers.

The critical bug – tracked as CVE-2022-20649 – is in the software’s Redundancy Configuration Manager. It was given a CVSS score of 9, since it could potentially allow an attacker root access to execute commands of their choice.

“This vulnerability exists because the debug mode is incorrectly enabled for specific services,” Cisco’s alert said. “An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled.”

Cisco has released an update for the vulnerability, which has no workaround. Cisco’s Product

Read More: https://threatpost.com/critical-cisco-staros-bug-root-access-debug-mode/177832/