Cisco has patched a high-severity flaw in its IOx application hosting environment, according to recent reports.
Cisco acknowledged the flaw and has made free software updates available, advising users to update to a fixed software release. A Cisco device is vulnerable if it runs the IOS XE software and supports the IOx feature but not native Docker.
The vulnerability, classified as CVE-2023-20076, can be exploited by deploying and activating an application in the Cisco IOx application hosting environment. Issues were also found in the way tar archives are extracted, which could allow an attacker to write to the underlying operating system as root, but Cisco has confirmed that this issue cannot be immediately exploited. The company recommends that customers upgrade to a fixed software release to stay protected from these vulnerabilities.
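The report does not say how extraction goes wrong, so the following added example (not Cisco's code and not taken from the advisory) assumes the general class of problem where archive members resolve outside the extraction directory or carry privileged file types. It audits an application package before anything is unpacked; the function names, the `/opt/app` destination and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile

def audit_tar(fileobj, dest="/opt/app"):
    """Return {member_name: reason} for members that must not be extracted."""
    dest = os.path.abspath(dest)
    rejected = {}

    def escapes(base_dir, target):
        # True when target, resolved relative to base_dir, lands outside dest.
        full = os.path.normpath(os.path.join(base_dir, target))
        return os.path.commonpath([dest, full]) != dest

    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            link_base = os.path.dirname(os.path.join(dest, m.name))
            if escapes(dest, m.name):
                rejected[m.name] = "path escapes extraction directory"
            elif m.issym() and escapes(link_base, m.linkname):
                rejected[m.name] = "symlink target outside extraction directory"
            elif m.islnk() and escapes(dest, m.linkname):
                rejected[m.name] = "hard link target outside extraction directory"
            elif m.ischr() or m.isblk() or m.isfifo():
                rejected[m.name] = "device node or FIFO"
            elif m.mode & 0o6000:
                rejected[m.name] = "setuid/setgid bit set"
    return rejected

def build_sample():
    """Constructed archive: one benign file plus four hostile members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, type_=tarfile.REGTYPE, linkname="", mode=0o644, data=b""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.mode = type_, linkname, mode
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)
        add("bin/run.sh", mode=0o755, data=b"#!/bin/sh\n")
        add("../../etc/cron.d/job", data=b"x")                 # traversal
        add("lib/link", tarfile.SYMTYPE, linkname="../../../etc")
        add("dev/mem0", tarfile.CHRTYPE)                       # device node
        add("bin/helper", mode=0o4755, data=b"x")              # setuid
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason in audit_tar(build_sample()).items():
        print(f"REJECT {name}: {reason}")
```

A package with any rejected member should be refused outright rather than partially extracted, since extraction on these platforms happens with the privileges of the hosting environment.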
Affected products include 800 Series Industrial ISRs, CGR1000 Compute Modules, IC3000 Industrial Compute Gateways, and IR510 WPAN Industrial Routers. Catalyst 9000 Series Switches, Cisco Catalyst 9100 Family of Access Points, IOS XR Software, Meraki products, and NX-OS Software are not vulnerable to this threat.
Cisco has acknowledged several vulnerabilities in its firmware recently. One of the vulnerabilities involves bypassing authorization through the web interface, which could allow an authorized remote attacker to access parts of the interface they should not have access to.
Another issue can cause a denial-of-service state by rebooting a target device. Cisco has since fixed these and other local vulnerabilities in an update. However, researchers from RedTeam Pentesting discovered that vulnerabilities persisted even after Cisco issued an update for the RV320 and RV325 routers in January. In fact, only superficial changes had been made, and it was possible to exploit these vulnerabilities just like before.
It is important to note that although Cisco thought it had fixed everything, three vulnerabilities remain. Two of them allow specific scripts to be accessed without authentication, exposing sensitive information, including password hashes and VPN keys. The third allows any command to be executed on the device by manipulating parameters in the certificate generation system environment.
Although users are advised to update their firmware to fix these vulnerabilities, the latest patch is incomplete, and Cisco is expected to release a more complete firmware patch this April.
Cisco recently addressed a high-severity bug on its IOx (Internet of Things Application Hosting) platform. This platform empowers companies to develop and deploy applications for their IoT devices. The vulnerability could have allowed an attacker to execute arbitrary code or cause a denial-of-service attack on affected devices.
The bug, designated as CVE-2021-1577, was found in the IOx application environment's virtualization infrastructure. If successfully exploited, an attacker would gain unauthorized access to the targeted device's host operating system, compromising its security.
Cisco has released software updates that address the issue. Users are strongly encouraged to update their IOx platforms to the patched versions. Additionally, Cisco advises network administrators to apply access control lists (ACLs) to limit communication between the IOx guest and the host operating system.
The high-severity bug addressed by Cisco on its IOx App Hosting Platform is an important security concern for organizations using IoT devices. The IOx platform enables the development and deployment of applications specific to these devices, but it also introduces potential vulnerabilities that need to be addressed promptly.
The vulnerability identified as CVE-2021-1577 is related to the virtualization infrastructure within the IOx application environment. If exploited successfully, an attacker could execute arbitrary code or carry out a denial-of-service attack, which can significantly impact the affected devices and compromise their security.
To mitigate this risk, Cisco has released software updates that address the bug. It is crucial for users to update their IOx platforms to the patched versions to ensure they are protected from potential exploitation. Furthermore, Cisco recommends implementing access control lists (ACLs) to restrict communication between the IOx guest and the host operating system, providing an additional layer of protection.
With this immediate response, Cisco demonstrates its commitment to maintaining the security and integrity of its products. They emphasize the importance of user vigilance in staying informed about security advisories and promptly applying any patches or updates as they become available.
By promptly addressing vulnerabilities and providing solutions, Cisco aims to safeguard its customers' IoT environments and maintain the trust that they have placed in their products.
How does a high-severity flaw like this even slip through? If you're running IOS XE without Docker, your devices are basically sitting ducks for attackers to deploy shady apps and pwn your system.
Cisco's like, "Oh, just patch it," but why are we always cleaning up their sloppy code? Gear like 800 Series ISRs is vulnerable, and don't even get me started on the Tar archive bug that could let someone root your OS.