Cisco has confirmed that it has patched a critical bug that impacted its IOx application hosting environment.
Cisco IOx is an application hosting environment that enables consistent deployment of applications independent of the underlying network infrastructure, with Docker tooling for development. It is used by a wide variety of organizations, from manufacturing to the energy sector to the public sector.
The bug, which is being tracked as CVE-2023-20076, allowed attackers to achieve persistence on the operating system and thus gain the ability to run commands remotely.
Who is affected?
“An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file,” Cisco said in its security advisory.
Affected are users running IOS XE without native Docker support, as well as users of 800 Series Industrial ISR Routers, CGR1000 Compute Modules, IC3000 Industrial Compute Gateways, IR510 WPAN Industrial Routers, and Cisco Catalyst Access Points (COS-APs).
Catalyst 9000 series switches, IOS XR and NX OS software, and Meraki products are unaffected by the bug, the company added.
The caveat with this vulnerability is that the threat actors must already be authenticated as administrators on the vulnerable systems.
Still, researchers at Trellix, who first spotted the flaw, said attackers could easily chain this vulnerability with others in their malicious campaigns. Authentication can be achieved using default credentials (many users never change them), as well as through phishing and social engineering.
Once authenticated, CVE-2023-20076 can be exploited to gain “unrestricted access, allowing malicious code to lurk in the system and persist across reboots and firmware upgrades”.
“Bypassing this security measure means that if an attacker exploits this vulnerability, the malicious package will continue to run until the device is factory reset or manually wiped.”
The good news is that, so far, there is no evidence that the bug is being exploited in the wild. However, if you run any of the affected products, make sure to update to the latest patched version.
Via: BleepingComputer