CVE-2023-20046: Privilege Elevation Vulnerability in Cisco StarOS Software SSH Authentication


Description Preview

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability (CVE-2023-20046) is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. If successful, the attacker could log in to the affected device through SSH with elevated privileges.

Overview

This vulnerability (CWE-522: Insufficiently Protected Credentials) affects the key-based SSH authentication mechanism in Cisco StarOS Software. The issue stems from inadequate validation of user credentials during the SSH authentication process. Specifically, the system fails to properly validate the privilege level associated with SSH keys when the connection originates from certain IP addresses. An attacker with valid low-privilege credentials could potentially gain high-privilege access by connecting from a host IP address that is configured as a source for a high-privileged user account. This vulnerability could lead to unauthorized administrative access to affected Cisco StarOS devices.

Remediation

  1. Apply the latest security updates provided by Cisco for StarOS Software.
  2. Implement the workarounds specified in the Cisco Security Advisory (cisco-sa-staros-ssh-privesc-BmWeJC3h).
  3. Review and restrict SSH access to trusted hosts only.
  4. Implement network segmentation to limit access to management interfaces.
  5. Monitor for suspicious SSH login attempts, particularly those that might indicate privilege escalation.
  6. Consider implementing additional authentication mechanisms such as multi-factor authentication where possible.
  7. Regularly audit user accounts and privileges to ensure proper access control.
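
One way to implement the monitoring in step 5, shown as an added example that is not code from Cisco or from this database: for each accepted key-based login, compare the account the session was opened as with the account the presented key was issued to, and flag sessions that outrank the key. The record fields, account names, privilege numbers, fingerprints and IP addresses are constructed assumptions; no StarOS log format is reproduced here.

```python
from dataclasses import dataclass

# All inventory values below are constructed for illustration (assumptions).
PRIVILEGE = {"operator1": 1, "secadmin": 15}           # account -> level, higher = more access
KEY_OWNER = {"SHA256:constructed-op-key": "operator1",  # key fingerprint -> issued-to account
             "SHA256:constructed-adm-key": "secadmin"}
SOURCE_IPS = {"operator1": {"192.0.2.20"},              # account -> configured source IPs
              "secadmin": {"192.0.2.10"}}

@dataclass(frozen=True)
class Login:
    """One accepted key-based SSH login, normalized from whatever logs are available."""
    src_ip: str
    key_fp: str
    session_user: str

def classify(ev: Login) -> str:
    """Compare the account the session got with the account the key belongs to."""
    owner = KEY_OWNER.get(ev.key_fp)
    if owner is None:
        return "unknown-key"                 # key not in inventory: investigate separately
    if owner == ev.session_user:
        return "ok"
    gained = PRIVILEGE.get(ev.session_user, 0) - PRIVILEGE.get(owner, 0)
    if gained <= 0:
        return "key-account-mismatch"        # wrong account, but no privilege gain
    # Session outranks the key's owner. The CVE-2023-20046 pattern additionally has
    # the connection coming from an IP configured as a source for the session account.
    if ev.src_ip in SOURCE_IPS.get(ev.session_user, set()):
        return "escalation-from-privileged-source"
    return "escalation"

def suspicious(events):
    """Return (event, verdict) pairs for every login that is not 'ok'."""
    return [(ev, verdict) for ev in events if (verdict := classify(ev)) != "ok"]

# Constructed sample events.
EVENTS = [
    Login("192.0.2.20", "SHA256:constructed-op-key", "operator1"),
    Login("192.0.2.10", "SHA256:constructed-adm-key", "secadmin"),
    Login("192.0.2.10", "SHA256:constructed-op-key", "secadmin"),
    Login("192.0.2.30", "SHA256:constructed-adm-key", "operator1"),
]

if __name__ == "__main__":
    for ev, verdict in suspicious(EVENTS):
        print(f"{verdict}: key {ev.key_fp} from {ev.src_ip} opened a session as {ev.session_user}")
```

The same inventory doubles as input for the account and privilege audit in step 7, since it records which key and which source addresses belong to each account.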

References

  1. Cisco Security Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h
  2. MITRE CWE-522 (Insufficiently Protected Credentials): https://cwe.mitre.org/data/definitions/522.html
  3. NIST National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2023-20046

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation
  5. Construction
  6. Educational Services
  7. Finance and Insurance
  8. Health Care & Social Assistance
  9. Information
  10. Management of Companies & Enterprises
  11. Manufacturing
  12. Mining
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Public Administration
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database