
WARNING: CISCO PATCHED 2 CRITICAL VULNERABILITIES, PATCH IMMEDIATELY!

Reference:
Advisory #2023-45
Version: 
1.0
Affected software:
Cisco Industrial Network Director earlier than version 1.11.3
Cisco Modeling Labs earlier than version 2.5.1
Type: 
Remote Code Execution and Authentication bypass vulnerabilities
CVE/CVSS: 

CVE-2023-20036, 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVE-2023-20154, 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Sources

Cisco Industrial Network Director Vulnerabilities
Cisco Modeling Labs External Authentication Bypass Vulnerability

Risks

On the 19th of April, Cisco released multiple security advisories for their products, including 2 critical vulnerabilities in the products "Industrial Network Director" and "Modeling Labs".

Both vulnerabilities have a high impact on confidentiality and integrity; the vulnerability in the first product also has an impact on availability.

Neither vulnerability is reported to be exploited in the wild. Patching these vulnerabilities is recommended considering the criticality of the impact.

Description

CVE-2023-20036 - Cisco Industrial Network Director Command Injection Vulnerability

CVE-2023-20036 is a vulnerability in the Cisco Industrial Network Director software that allows an authenticated remote attacker with low privileges to execute arbitrary operating system commands with administrative privileges. It has a CVSSv3.1 score of 9.9.

This is possible due to improper input validation when uploading a "Device Pack". By altering the request when this pack is uploaded, an attacker can execute commands as NT AUTHORITY\SYSTEM on the underlying operating system of the affected devices.

CVE-2023-20154 - Cisco Modeling Labs External Authentication Bypass Vulnerability

CVE-2023-20154 is a vulnerability in the Cisco Modeling Labs software that allows an unauthenticated remote attacker to access the web interface with administrative privileges. It has a CVSSv3.1 score of 9.1.

This vulnerability can be exploited if the LDAP authentication server is configured in such a way that it replies to search query entries that contain search result reference entries. In that case, the authentication mechanism can be bypassed, which can result in the attacker being logged in as an administrator, giving them full power to access and modify everything available in the web interface of the affected server. This configuration can only be changed by a server administrator.

Recommended actions

The Centre for Cyber Security Belgium strongly recommends that network administrators download and apply the latest software updates, after thorough testing. Follow the instructions of the vendor.