Trellix researchers, in a report published on February 1st reveals the bug, one of two flaws discovered, impacts the following Cisco networking devices:
- Cisco ISR 4431 routers
- 800 Series Industrial ISRs
- CGR1000 Compute Modules
- IC3000 Industrial Compute Gateways
- IOS XE-based devices configured with IOx
- IR510 WPAN Industrial Routers
- Cisco Catalyst Access points
One bug — CSCwc67015 — was discovered in code which is not yet released. Apparently, it has the capability to allow hackers to execute their own code, and possibly replace the majority of the files on the device.
The second bug (allegedly more malicious) — CVE-2023-20076 — found in production equipment, is a command-injection vulnerability which could enable unauthorized access and remote code execution (RCE). Despite Cisco’s barriers against such a situation, this would have required not only complete control of a device’s operating system but also pe
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: