A command-injection vulnerability was found in Cisco’s production equipment. CVE-2023-20076 could allow unauthorized root-level access and remote code execution, leading to total control over a device’s operating system. The bug could also allow persistence through upgrades or reboots, despite Cisco's safeguards against such a situation.
CVE-2023-20076 impacts the following Cisco networking devices:
In addition to the command-injection flaw, researchers from Trelix found a second vulnerability in Cisco gear. The bug, tracked as CSCwc67015, was found in “yet-to-be-released” code. It could allow an attacker to remotely execute their own code and overwrite most of the files on a device. According to Cisco’s advisory, the company confirmed that the issue exists but because the unreleased code was placed there for future application packaging support, there are no devices affected. Cisco has resolved the issue, but attackers don’t have a way to capitalize off the vulnerability at this time.
Although exploiting either vulnerability would require admin-level access over a Cisco device, the company’s networking equipment is used worldwide (i.e., government organizations, enterprises, data centers, and industrial sites). Due to the popularity of the equipment, the impact of CVE-2023-20076 could be devastating for thousands of businesses. There are no workarounds for CVE-2023-20076, therefore, Avertium recommends that your organization apply the appropriate patch immediately.
At this time, there are no known IoCs associated with CVE-2023-20076 Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.