Cisco has confirmed that it has patched a major vulnerability that affected the IOx application hosting environment.
Cisco IOx is an application environment that enables consistent deployment of applications independent of the underlying network infrastructure and development tooling. It is used by a wide range of enterprises, from manufacturing to energy to the public sector.
The vulnerability, tracked as CVE-2023-20076, allowed cybercriminals to achieve persistence in the operating system, thus gaining the ability to remotely execute commands.
Who is affected?
“An attacker could exploit this vulnerability by deploying and activating an application in a Cisco IOx application hosting environment with a crafted activation payload file,” Cisco said in its security advisory.
This applies to IOS XE users without native Docker support, as well as users of Industrial ISR 800 Series Routers, CGR1000 Compute Modules, IC3000 Industrial Compute Gateways, Industrial IR510 WPAN Routers, and Cisco Catalyst Access Points (COS-AP).
Catalyst 9000 series switches, IOS XR and NX-OS software and Meraki products are not affected.
The caveat with this vulnerability is that attackers must already be authenticated as administrators on vulnerable systems.
Despite this, the Trellix researchers who first discovered the vulnerability note that attackers can easily chain it with other vulnerabilities in their campaigns. Administrator authentication can be obtained through default login credentials (many users never change them), as well as through phishing and social engineering.
Once authenticated, CVE-2023-20076 can be used to gain “unrestricted access, allowing malicious code to lurk in the system and persist through reboots and firmware updates.”
“Bypassing this security measure means that if an attacker exploits this vulnerability, the malicious bundle will continue to run until the device is factory reset or manually removed.”
The good news is that so far there is no evidence that the vulnerability is being exploited in the wild, but if you run an affected device, make sure it is updated to the latest version.
By: BleepingComputer