The Indian Computer Emergency Response Team (CERT-In) has issued an advisory over two serious vulnerabilities in networking giant Cisco products that could allow attackers to elevate privileges to root on the underlying operating system.
The vulnerabilities reported in the company’s product ‘ConfD CLI’ could allow the authenticated, low-privileged, local attacker “to read and write arbitrary files as root or elevate privileges to root on the underlying operating system”, CERT-In said in its latest advisory.
The ‘Arbitrary File Read and Write Vulnerability’ exists in ConfD CLI due to improper authorization enforcement when specific CLI commands are used.
“An attacker could exploit this vulnerability by executing an affected CLI command with crafted arguments,” the cyber agency said.
It also mentioned that the successful exploitation of this vulnerability could allow “the attacker to read or write arbitrary files on the underlying operating system with the privileges of the root user”.
The second vulnerability ‘Privilege Escalation’ exists in the affected product due to an incorrect privilege assignment when specific CLI commands are used.
According to the cyber agency, an attacker could exploit this vulnerability by executing an affected CLI command. In addition, CERT-In advised users to apply appropriate updates as released by Cisco.
