Cisco Releases Security Advisories for Multiple Products - 20230426001

Overview

Cisco has released security updates for vulnerabilities affecting Industrial Network Director (IND), Modeling Labs, StarOS Software, and BroadbandWorks Network Server. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

What is the vulnerability?

• CVE-2017-6744 - CVSS v3 Base Score: 8.8
• CVE-2023-20036 - CVSS v3 Base Score: 9.9
• CVE-2023-20039 - CVSS v3 Base Score: 9.9
• CVE-2023-20046 - CVSS v3 Base Score: 8.8
• CVE-2023-20125 - CVSS v3 Base Score: 8.6
• CVE-2023-20154 - CVSS v3 Base Score: 9.1

Note that some of the above mentioned CVE pages have not been publicized yet

What is vulnerable?

The vulnerability affects the following products:

• Industrial Network Director
• Modeling Labs
• IOS and IOS XE
• StarOS
• BroadWorks Network Server

What has been observed?

DGov SOC has not observed any exploitation of any Cisco products mentioned above.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices.

Additional References

• CISA Security Advisory
• Cisco Security Advisories