Cisco · Cisco RCM for Cisco StarOS · CVE-2022-20649
**Name of the Vulnerable Software and Affected Versions**
Cisco RCM for Cisco StarOS Software (affected versions not specified)
**Description**
The issue exists because debug mode is incorrectly enabled for specific services, allowing an unauthenticated, remote attacker to achieve remote code execution on the application with root-level privileges. An attacker could exploit this by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. To gain unauthenticated access, the attacker would first need to perform detailed reconnaissance. The vulnerability can also be exploited by an authenticated attacker.
**Recommendations**
At the moment, this record does not identify a specific newer version that contains a fix for this vulnerability; however, Cisco has released software updates that address it. As a temporary workaround, disable debug mode for the affected services until a patch is available. Restrict access to the vulnerable services to minimize the risk of exploitation, and avoid using the services with debug mode enabled on the affected API endpoints until the issue is resolved.