Backdoor Secrecy
A significant security vulnerability, tracked as CVE-2024-20439, has been disclosed in Cisco’s systems: a hardcoded password allows unauthorized users to gain administrator access through the application’s API. A second critical vulnerability, CVE-2024-20440, enables attackers to retrieve log files, which may contain sensitive information such as API credentials.
Both vulnerabilities have been assigned a high severity rating with a CVSS score of 9.8, indicating they are equally critical. Because the two can be exploited in conjunction, the overall risk is higher, and immediate remediation is necessary. The affected versions of the Cisco Secure Logging Utility (CSLU) are 2.0.0, 2.1.0, and 2.2.0; version 2.3.0 includes patches that address these issues.
Although CSLU is a newer product, it shipped with vulnerabilities of a kind that more contemporary releases are typically expected to avoid. This isn’t the first occurrence of hardcoded credentials in Cisco products; similar issues were previously found in Cisco Firepower Threat Defense, Emergency Responder, and Digital Network Architecture (DNA) Center, among others, which points to a recurring problem that Cisco has yet to resolve effectively.
Commenting on these security issues, an expert from SANS expressed a degree of irony regarding the situation: “The first one [CVE-2024-20439] is one of the many backdoors Cisco likes to equip its products with.” This remark highlights ongoing concerns about the persistence of such vulnerabilities in network solutions, which can lead to significant risks if not addressed promptly.
Source
www.networkworld.com