Cisco Addresses Key SSH Authentication and TCP Denial of Service Vulnerabilities

As the digital world continues to expand, the need for robust cybersecurity measures has never been more critical. With the growing reliance on remote access and cloud-based services, protecting network infrastructure against vulnerabilities has become a top priority for businesses and organizations. Today, two security vulnerabilities have been discovered in Cisco products: the Cisco StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability and the Cisco BroadWorks Network Server TCP Denial of Service Vulnerability.

1. Cisco StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability (CVE-2023-20046)

This vulnerability, with a CVSS score of 8.8, affects the key-based SSH authentication feature of Cisco StarOS Software. It allows an authenticated, remote attacker to elevate privileges on an affected device due to insufficient validation of user-supplied credentials.

Attackers can exploit the CVE-2023-20046 vulnerability by sending a valid low-privileged SSH key to an affected device from a host configured as the source for a high-privileged user account. A successful exploit grants the attacker the ability to log in to the affected device through SSH as a high-privileged user.

Affected products include:

• ASR 5000 Series Routers
• Virtualized Packet Core – Distributed Instance (VPC-DI)
• Virtualized Packet Core – Single Instance (VPC-SI)

Cisco has released software updates to address this vulnerability, and there are workarounds available.

2. Cisco BroadWorks Network Server TCP Denial of Service Vulnerability (CVE-2023-20125)

With a CVSS score of 8.6, this vulnerability targets the local interface of the Cisco BroadWorks Network Server. It allows an unauthenticated, remote attacker to exhaust system resources and cause a denial of service (DoS) condition.

The vulnerability arises from the lack of rate limiting for certain incoming TCP connections. Attackers can exploit this vulnerability by sending a high rate of TCP connections to the server, causing rapid resource consumption and rendering the Cisco BroadWorks Network Server unusable.

This vulnerability affects Cisco BroadWorks Network Server devices running vulnerable software releases (22.0, 23.0, or Release Independent (RI)) with the default configuration.

Cisco has released software updates to address this vulnerability, and there are no known workarounds.

Mitigation and Remediation

To ensure network security, organizations must apply the software updates released by Cisco to address these vulnerabilities. For the SSH Authentication Privilege Escalation Vulnerability, users can also implement workarounds to prevent exploitation.

At the time of writing, Cisco’s Product Security Incident Response Team (PSIRT) is aware of the proof-of-concept exploit code for the SSH Authentication vulnerability but is not aware of any malicious use of either vulnerability.