Critical Cisco vulnerability threatens Web-Based management interfaces


Cisco has recently disclosed a severe vulnerability (CVE-2024-20381) impacting the JSON-RPC API feature used by various web-based management interfaces in its products. This flaw poses a significant risk to organizations utilizing these platforms.
Vulnerability Details

The vulnerability arises from improper authorization checks on the JSON-RPC API. Remote attackers with sufficient privileges can exploit this issue by sending malicious requests, allowing them to:

  • Modify device configurations
  • Create new user accounts
  • Elevate their privileges

Affected Products

The following Cisco products are vulnerable regardless of configuration:

  • Crosswork NSO
  • Optical Site Manager
  • RV340 Dual WAN Gigabit VPN Routers

ConfD is also affected if the JSON-RPC API feature is enabled.

Mitigation

Cisco has released software updates to address this vulnerability for Crosswork NSO, Optical Site Manager, and ConfD. Customers are strongly advised to upgrade to the fixed releases immediately.

Unfortunately, Cisco will not provide patches for RV340 routers, as they have reached end-of-life.

Detection

To determine whether the JSON-RPC API feature is enabled in ConfD, check the confd.conf configuration file for the 'webui' setting. If 'webui' is set to 'true' and valid transports and ports are configured, the web server may be vulnerable to attack.

Best Practices

To minimize the impact of such vulnerabilities, organizations should adhere to cybersecurity best practices:

  • Implement least-privilege access controls
  • Segment networks to limit the spread of attacks
  • Regularly monitor and update system software
  • Educate users on security awareness

Conclusion

This critical vulnerability highlights the importance of maintaining up-to-date software and adhering to security best practices. Organizations using affected Cisco products should prioritize applying the necessary patches to protect their networks from potential exploitation.
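The detection step above can be scripted. The following is an added example, not a Cisco tool or anything from the advisory; it assumes the XML layout ConfD uses for confd.conf (a top-level confdConfig element whose webui block carries an enabled flag and a transport block with tcp/ssl entries, each with its own enabled, ip and port), and the two confd.conf samples embedded in it are constructed for illustration. It reports the web UI as exposed only when webui is enabled and at least one transport is enabled with a port, which matches the condition the article describes, and it shows the same file with the web UI switched off for comparison.

```python
"""Check a ConfD-style confd.conf for an enabled web UI / JSON-RPC listener.

Added example (not Cisco's code). Assumes the confd.conf XML layout:
<confdConfig><webui><enabled>..</enabled><transport><tcp|ssl>..</tcp|ssl>
</transport></webui></confdConfig>. Namespaces are stripped from tag names
so the check works whether or not the file declares one.
"""
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip an XML namespace prefix such as '{http://...}' from a tag name."""
    return tag.rsplit('}', 1)[-1]


def _find(elem, name):
    """Return the first direct child of elem whose local tag name matches."""
    for child in elem:
        if _local(child.tag) == name:
            return child
    return None


def _is_true(elem):
    """True when the element exists and its text is 'true' (case-insensitive)."""
    return elem is not None and (elem.text or '').strip().lower() == 'true'


def webui_exposure(confd_xml):
    """Describe whether the web UI is enabled and which transports it listens on.

    'exposed' is True only when webui/enabled is true AND at least one
    transport (tcp or ssl) is itself enabled and has a port configured.
    """
    root = ET.fromstring(confd_xml)
    result = {'webui_enabled': False, 'listeners': [], 'exposed': False}
    webui = _find(root, 'webui')
    if webui is None:
        return result
    result['webui_enabled'] = _is_true(_find(webui, 'enabled'))
    transport = _find(webui, 'transport')
    if transport is not None:
        for t in transport:
            name = _local(t.tag)
            if name not in ('tcp', 'ssl') or not _is_true(_find(t, 'enabled')):
                continue
            port = _find(t, 'port')
            if port is None or not (port.text or '').strip():
                continue  # enabled transport without a port cannot listen
            ip = _find(t, 'ip')
            bind = (ip.text or '').strip() if ip is not None else ''
            result['listeners'].append((name, bind or '*', int(port.text.strip())))
    result['exposed'] = result['webui_enabled'] and bool(result['listeners'])
    return result


# Constructed sample: web UI enabled with a plaintext TCP listener on 8080.
EXPOSED_CONF = """<confdConfig xmlns="http://tail-f.com/ns/confd_cfg/1.0">
  <webui>
    <enabled>true</enabled>
    <transport>
      <tcp><enabled>true</enabled><ip>0.0.0.0</ip><port>8080</port></tcp>
      <ssl><enabled>false</enabled><ip>0.0.0.0</ip><port>8888</port></ssl>
    </transport>
  </webui>
</confdConfig>"""

# Constructed sample: the same file with the web UI switched off.
DISABLED_CONF = EXPOSED_CONF.replace(
    "<enabled>true</enabled>\n    <transport>",
    "<enabled>false</enabled>\n    <transport>")

if __name__ == '__main__':
    for label, conf in (('exposed sample', EXPOSED_CONF),
                        ('disabled sample', DISABLED_CONF)):
        print(label, '->', webui_exposure(conf))
```

Run it against a real confd.conf by reading the file into a string and passing it to webui_exposure; a result with 'exposed' set to True means the web server is reachable on the listed transports and the ConfD upgrade guidance above applies. Note that a disabled web UI still leaves the transport block in place, so the script deliberately keys on the webui/enabled flag rather than on the presence of port entries alone.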
