Cisco has recently issued security updates to address critical vulnerabilities in its Industrial Network Director and Modeling Labs solutions. These vulnerabilities could be exploited by attackers to inject arbitrary operating system commands or access sensitive data.
The most severe of the IND vulnerabilities, identified as CVE-2023-20036 (CVSS score: 9.9), is found in the web UI of the Cisco Industrial Network Director. Exploiting this flaw could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system. The advisory states, "A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device." It further explains that the vulnerability is due to improper input validation when uploading a Device Pack and could be exploited by altering the request sent during the upload process. "A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device." In practice this means that, until the fix is applied, any account able to log in to the IND web UI and upload a Device Pack is effectively a SYSTEM-level administrator of the Windows host.
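The advisory describes the flaw only as improper input validation of the upload request, so the following is a constructed example of the OS command injection class it belongs to, not Cisco's code. It assumes a hypothetical handler that takes a `filename` field from the upload request and passes it to a shell command; `ls -l` stands in for whatever processing the real product does on the uploaded pack. The vulnerable form splices the field into a command string, the hardened form allowlists the name, confines the resolved path to the upload directory, and passes argv as a list so no shell ever parses attacker-controlled text.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed illustration of the vulnerability class, not Cisco's code.
# The "filename" parameter, the shell command and the 'ls -l' stand-in for
# the real unpacking step are assumptions made for this example.

# Device pack names: a short, conservative allowlist ending in .zip.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}\.zip$")


def handle_upload_vulnerable(upload_dir: str, filename: str) -> str:
    """Vulnerable handler: the client-controlled filename is spliced into a
    shell command string and run with shell=True. A request altered to carry
    'pack.zip; echo INJECTED' makes the shell run the second command with
    whatever privileges the service account has."""
    cmd = f"ls -l {upload_dir}/{filename}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def handle_upload_hardened(upload_dir: str, filename: str) -> str:
    """Hardened handler: reject anything outside the allowlist, make sure the
    resolved path stays inside the upload directory, and hand the command to
    the OS as an argv list so metacharacters are never interpreted."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected device pack name: {filename!r}")
    base = Path(upload_dir).resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        raise ValueError("device pack path escapes the upload directory")
    proc = subprocess.run(["ls", "-l", str(target)],
                          capture_output=True, text=True)
    return proc.stdout


def demo() -> dict:
    """Run both handlers against a constructed upload directory and a
    tampered filename; returns the observations so they can be checked."""
    with tempfile.TemporaryDirectory() as d:
        # Minimal (empty) zip file standing in for a real device pack.
        (Path(d) / "pack.zip").write_bytes(b"PK\x05\x06" + b"\x00" * 18)
        tampered = "pack.zip; echo INJECTED"
        out_vuln = handle_upload_vulnerable(d, tampered)
        try:
            handle_upload_hardened(d, tampered)
            rejected = False
        except ValueError:
            rejected = True
        out_ok = handle_upload_hardened(d, "pack.zip")
    return {"vulnerable": out_vuln,
            "hardened_rejected": rejected,
            "hardened_ok": out_ok}


if __name__ == "__main__":
    result = demo()
    print("vulnerable handler stdout:", result["vulnerable"].strip())
    print("hardened handler rejected tampered name:", result["hardened_rejected"])
    print("hardened handler on clean name:", result["hardened_ok"].strip())
```

The important detail is that the hardened version does not try to escape or strip shell metacharacters; it removes the shell from the path entirely and validates the name against what a device pack should look like, which is the check a reviewer would look for in any upload handler that shells out.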
Cisco also addressed a file permissions vulnerability, tracked as CVE-2023-20039 (CVSS score: 5.5), which could allow an authenticated, local attacker to read application data. The advisory explains that the vulnerability is due to insufficient default file permissions applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory, potentially allowing them to view sensitive information.
Cisco has fixed both IND flaws in release 1.11.3 and notes that there are no workarounds, so upgrading is the only available mitigation. Both vulnerabilities were reported to Cisco by an unnamed external researcher.
In addition, Cisco addressed a critical vulnerability in Cisco Modeling Labs, identified as CVE-2023-20154 (CVSS score: 9.1), in the product's external authentication mechanism. This vulnerability could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. The advisory states, "This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server." It further explains that an attacker could exploit this vulnerability by logging in to the web interface of an affected server, potentially bypassing the authentication mechanism and gaining administrative privileges. "A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server." Note that the bar is low: any valid account on the external authentication server suffices, not an account that already holds administrative rights in Modeling Labs.