Cisco fixes security flaw that could have allowed sneaky hacking


Cisco has confirmed that it has patched a very serious bug that affected its IOx application hosting environment.

Cisco IOx is an application environment that enables consistent deployment of applications independent of network infrastructure and Docker development tooling. It is used by a wide range of businesses from manufacturing to energy and the public sector.

The flaw, tracked as CVE-2023-20076, allowed threat actors to achieve persistence on the operating system, giving them the ability to execute commands remotely.

Who is affected?

“An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment using a crafted activation payload file,” Cisco said in its security advisory.

Users running IOS XE without native Docker support are affected, as well as users of 800 series industrial ISR routers, CGR1000 compute modules, IC3000 industrial compute gateways, IR510 WPAN industrial routers, and Cisco Catalyst access point (COS-APs) endpoints.

Catalyst 9000 Series switches, IOS XR and NX-OS software and Meraki products are not affected by the flaw, the company added.

The caveat with this vulnerability is that the threat actors must already be authenticated as administrators on the vulnerable systems.

Still, Trellix researchers, who first discovered the flaw, said scammers could easily chain this vulnerability with others in their malicious campaigns. Authentication can be obtained with default credentials (many users never change these), as well as through phishing and social engineering.

After authentication, CVE-2023-20076 can be exploited for “unrestricted access, allowing malicious code to lurk in the system and persist through reboots and firmware upgrades.”

“Bypassing this security measure means that if an attacker exploits this vulnerability, the malicious package will continue to run until the device is factory reset or manually removed.”

The good news is that so far there is no evidence of the flaw being exploited in the wild, but still, if you use this solution, make sure it is updated to the latest version.

Via: BleepingComputer
