Cisco
Business Fortune
20 May, 2024
CERT-In has discovered two major flaws in Cisco products that could enable attackers to escalate privileges to root on the underlying operating system.
As per CERT-In's most recent advisory, the vulnerabilities found in the company's software 'ConfD CLI' might enable an authenticated, low-privileged local attacker to read and write any file as root or escalate privileges to root on the underlying operating system. The ConfD CLI has an "Arbitrary File Read and Write Vulnerability" because authorization is not properly enforced when certain CLI commands are run. It is recommended that all users of Cisco's software 'ConfD CLI' update their systems immediately to address the vulnerabilities identified by CERT-In. By taking this action, users can safeguard themselves from potential attacks that might result in unauthorized access or privilege escalation on their operating systems.
An attacker can exploit this vulnerability by running a specific command with the necessary inputs. The vulnerability could allow an attacker to read or write any file on the operating system with the privileges of the root user.
The second flaw, a "Privilege Escalation" vulnerability in the affected product, stems from a privilege assignment error that occurs when certain CLI commands are executed. The cyber agency says that an attacker might use an impacted CLI command to take advantage of this issue. CERT-In also encouraged users to deploy the relevant upgrades that Cisco published.