Mark Lowe

**Name of the Vulnerable Software and Affected Versions** Cisco RCM for Cisco StarOS Software (affected versions not specified) **Description** The issue exists due to the incorrect enabling of debug mode for specific services, allowing an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges. An attacker could exploit this by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. However, Cisco has released software updates that address this vulnerability. As a temporary workaround, consider disabling the debug mode for specific services until a patch is available. Restrict access to the vulnerable services to minimize the risk of exploitation. Avoid using the services with debug mode enabled in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cisco RCM for Cisco StarOS Software (affected versions not specified) **Description** A vulnerability in the debug function of Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions, potentially disclosing confidential information. This issue arises from a debug service that incorrectly listens to and accepts incoming connections, allowing an attacker to connect to the debug port and execute debug commands, thereby viewing sensitive debugging information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qt versions 4.4.0 through 4.7.5 Qt versions 4.8.x before 4.8.5 Qt version 5.0.0 qt-x11 versions (affected versions not specified) qt-demos-4.6.2 version qt-doc-4.6.2 version qt-examples-4.6.2 version qt-debuginfo-4.6.2 version qt-devel-4.6.2 version phonon-backend-gstreamer-4.6.2 version **Description** The vulnerability may lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited remotely. The QSharedMemory class in Qt uses weak permissions for shared memory segments, allowing local users to read sensitive information or modify critical program data. **Recommendations** For Qt versions 4.4.0 through 4.7.5, update to a version later than 4.7.5. For Qt versions 4.8.x before 4.8.5, update to version 4.8.5 or later. For Qt version 5.0.0, update to a version later than 5.0.0. For qt-x11, qt-demos-4.6.2, qt-doc-4.6.2, qt-examples-4.6.2, qt-debuginfo-4.6.2, qt-devel-4.6.2, and phonon-backend-gstreamer-4.6.2, update to a version that is not affected by the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected packages.