cbcvebase.
CVE-2022-20649
published 2024-11-15

CVE-2022-20649: A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with…

PriorityP267high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
11.64%
95.5th percentile
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected

501 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager
ciscocisco_redundancy_configuration_manager

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit requires connecting to the device and navigating to a service with debug mode incorrectly enabled; look for unexpected inbound connections to Cisco RCM services running in debug mode
  • Attacker must perform detailed reconnaissance prior to exploitation; monitor for unusual scanning or enumeration activity targeting Cisco RCM for StarOS infrastructure
  • Successful exploitation results in arbitrary command execution as root within the configured container context; alert on unexpected root-level process spawning within RCM containers
  • Vulnerability is classified under CWE-489 (Active Debug Code) — audit Cisco RCM deployments for services running with debug mode enabled and exposed to the network
  • Track Cisco bug IDs CSCvy80857 and CSCvy80878 for patch status verification on affected Cisco RCM for StarOS deployments
  • ·The vulnerability exists because debug mode is incorrectly enabled for specific services in Cisco RCM for StarOS; no workarounds are available — patching is the only remediation
  • ·The vulnerability can be exploited by both unauthenticated and authenticated attackers, broadening the attack surface beyond perimeter controls
  • ·Exploitation occurs within the context of the configured container, meaning impact is scoped to the container but with root-level privileges inside it

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_cisco9.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.