Cisco patches high and critical flaws across several products

Cisco patched serious vulnerabilities in a number of its products this week, including its Industrial Network Manager, Modeling Labs, ASR 5000 series routers and BroadWorks Network Server. The flaws could lead to the injection of administrative commands, authentication bypass, remote privilege escalation, and denial of service.

Cisco’s Industrial Network Manager (IND), a network monitoring and management server for operational technology (OT) networks, received fixes for two vulnerabilities, rated critical and medium respectively. These were fixed in version 1.11.3 of the software.

The critical flaw, CVE-2023-20036, is in the Cisco IND web-based user interface and could allow authenticated remote attackers to execute arbitrary commands on the underlying Windows operating system with administrative privileges (NT AUTHORITY\SYSTEM). The vulnerability is the result of insufficient input validation in the functionality that allows users to upload device packages.

The moderate risk flaw fixed in Cisco IND, CVE-2023-20039, is the result of insufficiently strong default file permissions in the application data directory. A successful exploit could allow an authenticated attacker to access sensitive information and files from this directory.

Cisco Modeling Labs flaw could allow unauthorized remote access

Cisco Modeling Labs, a local network simulation tool, has a critical vulnerability (CVE-2023-20154) resulting from the processing of certain messages from an external LDAP authentication server, which could allow an unauthenticated remote attacker to gain access to the tool’s web interface with administrative privileges. This would give them access to view and modify all user-generated simulations and data.

The flaw affects Education Modeling Labs, Corporate Modeling Labs, and Modeling Labs – Not for Resale, but not Personal and Personal Plus Modeling Labs. It can only be exploited if the external LDAP server is configured to respond to search queries with a non-empty array of matching values. An administrator can change the configuration of the LDAP server to mitigate this flaw as a temporary workaround, but customers are advised to upgrade Modeling Labs to version 2.5.1 to fix the vulnerability.

Privilege escalation is possible with a Cisco StarOS flaw

Cisco StarOS software, used in ASR 5000 series routers but also in Virtualized Packet Core – Distributed Instance (VPC-DI) and Virtualized Packet Core – Instance (VPC-SI) solutions, has a high-risk vulnerability (CVE-2023-20046) in its implementation of key-based SSH authentication.

In particular, if an attacker sends an authentication request via SSH from an IP address configured as a source for a high-privileged account, but instead provides the SSH key for a low-privileged account, the system will authenticate them as the high-privileged account even though they didn’t provide the correct SSH key. This causes privilege escalation and is the result of insufficient validation of the provided credentials.

As a workaround, administrators can configure all user accounts approved for SSH key-based authentication to use different IP addresses. However, Cisco recommends upgrading to a fixed version of the software.
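One way to check whether the workaround above is actually in place is to audit which key-authenticated accounts share a permitted SSH source address. The following is an added example, not code from Cisco or from the original article; the inventory layout, account names, privilege labels and function names are assumptions, and the sample data is constructed rather than taken from StarOS configuration.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (hypothetical layout, not StarOS config syntax):
# (account name, privilege label, source addresses/CIDRs allowed for SSH key login)
SAMPLE_INVENTORY = [
    ("admin-ops", "high", ["192.0.2.10", "198.51.100.0/28"]),
    ("monitor", "low", ["192.0.2.10"]),
    ("backup", "low", ["198.51.100.8"]),
    ("audit", "low", ["203.0.113.5"]),
]


def find_shared_sources(inventory):
    """Return sorted (account_a, account_b, shared_range) tuples for every pair
    of accounts whose permitted SSH source ranges intersect."""
    parsed = [
        (name, [ipaddress.ip_network(s, strict=False) for s in sources])
        for name, _priv, sources in inventory
    ]
    findings = set()
    for (name_a, nets_a), (name_b, nets_b) in combinations(parsed, 2):
        for net_a in nets_a:
            for net_b in nets_b:
                # An IPv4 range can never overlap an IPv6 one, so skip mixed pairs
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    # Of two overlapping networks, the narrower is the shared range
                    shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
                    findings.add((name_a, name_b, str(shared)))
    return sorted(findings)


def crosses_privilege(inventory, finding):
    """True when the two accounts in a finding carry different privilege labels,
    the situation the described privilege escalation depends on."""
    priv = {name: p for name, p, _sources in inventory}
    return priv[finding[0]] != priv[finding[1]]


if __name__ == "__main__":
    for f in find_shared_sources(SAMPLE_INVENTORY):
        tag = "PRIVILEGE BOUNDARY" if crosses_privilege(SAMPLE_INVENTORY, f) else "same level"
        print(f"{f[0]} <-> {f[1]} share {f[2]} ({tag})")
```

Overlaps are detected at the CIDR level, so an account bound to a single host inside another account's permitted subnet is reported as well.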

A Cisco BroadWorks vulnerability could lead to a denial of service

Cisco BroadWorks Network Server has received a patch for a high-risk vulnerability (CVE-2023-20125) in its TCP implementation which may lead to a denial of service condition. The flaw is due to the lack of rate limiting for incoming TCP connections, which allows unauthenticated remote attackers to send a high rate of TCP connections to the server and exhaust its system resources. Customers are advised to deploy the patches AP.ns.23.0.1075.ap385072.Linux-x86_64.zip or RI.2023.02.

Cisco also patched several medium-risk vulnerabilities this week in the TelePresence Collaboration endpoint and RoomOS, Cisco SD-WAN vManage software, and Cisco Packet Data Network Gateway. These can cause arbitrary file write, arbitrary file deletion and IPsec ICMP denial of service.

Copyright © 2023 IDG Communications, Inc.
