Attackers could target Cisco’s network tools Industrial Network Director and Modeling Labs, among others, and attack systems. The developers have also closed gaps in SD-WAN and StarOS, among others. Security updates are available for download. Admins can find more information about the gaps and patches in the warning messages linked below this message.
Admin vulnerability
The most dangerous is considered a vulnerability (CVE-2023-20036 “critical“) in the Industrial Network Director (IND). Here, an authenticated attacker could inject his own commands into the system and then access data without authorization. Cisco is not currently explaining how this could happen. The remedy is the IND-Version 1.11.3.
The second “critical” Vulnerability (CVE-2023-20154) affects Modeling Labs. Due to insufficient checks, attackers could attack the authentication server, bypass the login procedure under certain circumstances and access the web interface as an admin. This creates the Issue 2.5.1 Remedy.
Even more vulnerabilities
The remaining vulnerabilities affect Broadworks, IOS network operating system, Packet Data Network Gateway, SD-WAN, StarOS and TelePresence. Attackers could launch DoS attacks and paralyze services at these points.
List sorted by threat level in descending order:
(of the)