Cisco Releases Multiple High-to-Critical Severity Security Updates

 Summary

Cisco recently released security updates to address vulnerabilities in multiple Cisco products, to include two vulnerabilities rated as ‘critical’ and three rated as ‘high’ severity.   These vulnerabilities include:   CVE-2022-20648 and CVE-2022-20649 (CVSS: 9.0) are critical severity vulnerabilities in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. These vulnerabilities could allow an unauthenticated, remote attacker to gain root-level privileges through remote code execution (RCE), further allowing an attacker to disclose sensitive information or execute arbitrary commands as the root user in the context of the configured container.   CVE-2022-20655 (CVSS: 8.8) is a high severity vulnerability in the implementation of the CLI on a device that is running ConfDdue to insufficient validation of a process argument on an affected device. This vulnerability could allow an authenticated, local attacker to perform a command injection attack.   This CVE also addresses a vulnerability in the implementation of the CLI for multiple Cisco products due to insufficient validation of a process argument on an affected product. Successful exploitation could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly root privileges.   CVE-2022-20685 (CVSS: 7.5) is a high severity vulnerability in the Modbus preprocessor of the Snort detection engine due to an integer overflow while processing Modbus traffic. This vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.   Cisco is not aware of these vulnerabilities being exploited in the wild. Analysis Affected Versions   Various versions are affected based on each specific vulnerability. Please refer to the Cisco Security Advisory site for further details.   Potential Impact   Successful exploitation of these vulnerabilities could potentially allow attackers up to root-level access on an affected device, cause a denial-of-service (DoS) condition, execute arbitrary commands, or manipulate device configuration, potentially resulting in the disclosure of sensitive information or system downtime.     Recommendations Cisco has released software updates to address the vulnerabilities; no workarounds are available for any of these vulnerabilities.   Recommends clients apply software updates as soon as possible after appropriate evaluation and testing have been completed. References https://tools.cisco.com/security/center/publicationListing.x https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj