CVE-2022-20648
Published 2024-11-15
Priority P432 · medium 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.98% (58.0th percentile)
A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted.
This vulnerability exists because of a debug service that incorrectly listens to and accepts incoming connections. An attacker could exploit this vulnerability by connecting to the debug port and executing debug commands. A successful exploit could allow the attacker to view sensitive debugging information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Affected
501 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_redundancy_configuration_manager | — | — |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vendor_cisco · 9.0 CRITICAL
Cisco
Cisco Redundancy Configuration Manager for Cisco StarOS Software Multiple Vulnerabilities
vendor_cisco·2022-01-19·CVSS 9.0
CVE-2022-20648 [CRITICAL] CWE-200 Cisco Redundancy Configuration Manager for Cisco StarOS Software Multiple Vulnerabilities
Multiple vulnerabilities in Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to disclose sensitive information or execute arbitrary commands as the root user in the context of the configured container.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq
Cisco
Cisco Redundancy Configuration Manager for Cisco StarOS Software Multiple Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2022-20648 Cisco Redundancy Configuration Manager for Cisco StarOS Software Multiple Vulnerabilities
Multiple vulnerabilities in Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to disclose sensitive information or execute arbitrary commands as the root user in the context of the configured container. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-200, CWE-489
Bug IDs: CSCvy80857, CSCvy80878
GHSA
GHSA-vc8r-hj67-4hv6: A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions t
ghsa_unreviewed·2024-11-15
CVE-2022-20648 [MEDIUM] CWE-200 GHSA-vc8r-hj67-4hv6: A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions t
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe
Published: 2024-11-15