How to Fix CVE-2023-20154- An Authentication Bypass Vulnerability in Cisco Modeling Labs?


The network appliance manufacturer Cisco published an advisory on 19 April 2022 detailing an authentication bypass vulnerability in Cisco Modeling Labs, a network simulation and visualization tool developed by Cisco Systems. The vulnerability, tracked as CVE-2023-20154, is a Critical severity vulnerability with a CVSS score of 9.1 out of 10. The flaw is in the external authentication mechanism of Cisco Modeling Labs and allows an unauthenticated, unprivileged remote attacker to bypass authentication and log in to the web management interface of an affected device with administrative privileges. Since this flaw gives the attacker administrative access to the web interface, fixing CVE-2023-20154 should be treated as a priority. Let’s see how to fix CVE-2023-20154, an authentication bypass vulnerability in Cisco Modeling Labs.

Short Introduction About Cisco Modeling Labs

Cisco Modeling Labs (CML) is a network simulation and visualization tool developed by Cisco Systems. It allows network engineers and administrators to create virtual network environments to test and validate complex network scenarios, configurations, and designs.

CML is designed to simulate multiple network devices, such as routers, switches, firewalls, and servers, allowing users to configure and test their behavior in a virtual environment before implementing changes in the live network. The software supports a range of network protocols and technologies, including IPv4, IPv6, BGP, OSPF, MPLS, VPN, and many others.

CML provides an intuitive graphical user interface that enables users to create and manage virtual network topologies with ease. It also includes a comprehensive set of tools and features for network modeling, testing, and troubleshooting, such as packet capturing, protocol analysis, and network performance monitoring.

Summary of CVE-2023-20154

This is a critical authentication bypass vulnerability in Cisco Modeling Labs. The vulnerability is due to the improper handling of specific messages returned by the associated external authentication server. This vulnerability could be exploited by logging in to the web interface of an affected server. The flaw allows an unauthenticated, remote attacker not only to bypass authentication but also to access and modify every simulation.

Associated CVE ID: CVE-2023-20154
Description: A Critical Severity Authentication Bypass Vulnerability in Cisco Modeling Labs
CVSS Score: 9.1 (Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): None

Cisco Modeling Labs Affected by CVE-2023-20154

The vulnerability affects the following Cisco products configured with LDAP authentication:

  • Modeling Labs for Education
  • Modeling Labs Enterprise
  • Modeling Labs – Not For Resale

To check if LDAP authentication is configured on your Cisco Modeling Labs, log in and navigate to Tools > System Administration > User Authentication. For more information, refer to the Configuring LDAP Authentication guide.


Cisco has confirmed that Modeling Labs – Personal and Modeling Labs – Personal Plus are not affected by this vulnerability.

How to Fix CVE-2023-20154- An Authentication Bypass Vulnerability in Cisco Modeling Labs?

Cisco has released software updates addressing this vulnerability, and workarounds are available. The table below shows Cisco Modeling Labs software releases and whether they are affected by this vulnerability, as well as the first release containing the fix for this vulnerability. Customers are advised to upgrade to a fixed software release as indicated:

Cisco Modeling Labs Release: First Fixed Release
2.2 and earlier: Not vulnerable
2.3: Migrate to a fixed release
2.4: Migrate to a fixed release
2.5: 2.5.1

We recommend upgrading to v2.5.1 to fix the CVE-2023-20154 vulnerability.

Workaround

Before we discuss the available workaround, let’s see the specific condition required to exploit the CVE-2023-20154 vulnerability.

The vulnerability can only be exploited under specific conditions determined by the associated LDAP authentication server’s response to authentication queries from Cisco Modeling Labs. If the LDAP server is configured to reply to search queries with a non-empty array of matching entries (containing search result reference entries), the authentication bypass vulnerability can be exploited. Only the LDAP server administrator can verify and change this behavior, as it cannot be influenced by an attacker.


Administrators can address this vulnerability by verifying the LDAP authentication server configuration, making sure that failing search queries do not return non-empty matching result arrays. Methods for achieving this depend on the deployed LDAP server. For further guidance, consult the documentation for your specific LDAP installation.
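The condition described above, as an added example that is not Cisco's code or any part of the CML implementation: the two handlers below show the difference between treating "the LDAP server returned a non-empty result" as a match and requiring an actual directory entry. The sample responses are constructed for this example; their dictionary shape (a list of dicts with a 'type' key of 'searchResEntry' or 'searchResRef') is an assumption modeled on what the ldap3 library exposes in Connection.response, and no real LDAP server is contacted. The audit helper encodes the workaround check from the advisory: a search that cannot match anything must come back with no entries.

```python
"""
Added example (not Cisco's code or CML's implementation): a hardened handler for
LDAP search results used during external authentication, plus a defender-side
audit helper for the LDAP server behaviour the advisory describes.

The constructed sample responses below follow the dictionary shape that the
ldap3 library exposes in Connection.response (a list of dicts with a 'type' key
of 'searchResEntry' or 'searchResRef'); this is an assumption about shape only
and no real server is contacted.
"""

SEARCH_RESULT_ENTRY = "searchResEntry"   # an actual directory object
SEARCH_RESULT_REF = "searchResRef"       # a referral to another server, not a match


def user_found_naive(response):
    """Weak check: any non-empty result list is treated as a matched user.

    A search that matched nothing but returned only search result references
    still yields a non-empty list, so this check passes without a single real
    user entry. This is the kind of handling the advisory describes."""
    return len(response) > 0


def matched_entries(response):
    """Keep only genuine directory entries; drop references and anything else."""
    return [item for item in response
            if item.get("type") == SEARCH_RESULT_ENTRY and item.get("dn")]


def user_found_hardened(response):
    """Hardened check: exactly one searchResEntry with a DN must be present.

    Zero entries means no such user (or a failed search); more than one is
    ambiguous and is rejected rather than silently taking the first entry."""
    return len(matched_entries(response)) == 1


# Constructed sample: a genuine match for one user.
RESPONSE_MATCH = [
    {"type": SEARCH_RESULT_ENTRY,
     "dn": "uid=alice,ou=people,dc=example,dc=com",
     "attributes": {"uid": ["alice"]}},
]

# Constructed sample: a failing search from a server that answers with
# search result references instead of an empty result (the risky behaviour).
RESPONSE_REFERRALS_ONLY = [
    {"type": SEARCH_RESULT_REF, "uri": ["ldap://other.example.com/dc=example,dc=com"]},
    {"type": SEARCH_RESULT_REF, "uri": ["ldap://backup.example.com/dc=example,dc=com"]},
]

# Constructed sample: a failing search from a server that answers correctly.
RESPONSE_EMPTY = []


def audit_server_behaviour(failing_response):
    """Workaround check: given the response to a search that cannot match any
    user, report whether the server behaves as the advisory recommends.
    Returns a verdict string so callers can act on it rather than parse output."""
    if failing_response == []:
        return "ok: failing search returns an empty result"
    if matched_entries(failing_response):
        return "unexpected: failing search returned a directory entry"
    return "risky: failing search returns a non-empty result made of references only"


if __name__ == "__main__":
    for name, resp in (("match", RESPONSE_MATCH),
                       ("referrals only", RESPONSE_REFERRALS_ONLY),
                       ("empty", RESPONSE_EMPTY)):
        print(f"{name:15} naive={user_found_naive(resp)!s:5} "
              f"hardened={user_found_hardened(resp)}")
    print(audit_server_behaviour(RESPONSE_REFERRALS_ONLY))
```

Against a live directory, the same audit would feed `audit_server_behaviour` the response to a search filter that can never match (for example a user name that does not exist); a "risky" verdict means the server configuration, not CML, is what needs to change, which matches the advisory's note that only the LDAP server administrator can alter this behaviour.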

How to Upgrade Cisco Modeling Labs?

Upgrading your existing Cisco Modeling Labs (CML) installation to the latest release is crucial to take advantage of new features and improvements. In this guide, we’ll walk you through the process of upgrading your CML installation. Please note that to upgrade to the latest CML release, your existing instance must be CML 2.3.0 or higher. Please refer to the official installation or upgrade guide for more details.

Preparing for the Upgrade

  1. Check Release Notes: Always review the Release Notes for Cisco Modeling Labs to ensure an in-place upgrade is supported from your current release.
  2. Backup Modifications: If you’ve made custom changes to your system (copying images, altering configuration files, etc.), back up those changes before starting the upgrade.
  3. Download Upgrade Files: Download the pkg.zip file or the .deb file for the CML controller to your local machine. Refer to the “Downloading Files for CML Installation” section for more details on acquiring these files.

Performing the In-Place Upgrade

Follow these steps to perform an in-place upgrade of your CML installation:

Step 1: Extract the Files (if applicable)

  • If you have a .zip file, use appropriate tools (7-Zip or WinZip for Windows, Archive Utility app or unzip CLI command for macOS) to extract its contents.

Step 2: Verify the File Signature (Optional)

  • If you downloaded the pkg.zip file, follow the instructions in the pkg.README file to verify the .pkg file’s signature.

CML Controller Upgrade – CML UI Steps

  1. Log into the CML server UI.
  2. Navigate to Tools ‣ System Upgrade on the Lab Manager page.
  3. Click the Browse button, select the upgrade package (cml2_2.3.1_build29_amd64.pkg or cml2_2.3.1_build29_amd64.deb), and click Upload Image.
  4. Click the “using Cockpit” link to open the System Administration Cockpit.


CML Controller Upgrade – System Administration Cockpit Steps

  1. Log into the System Administration Cockpit with the system administrator account.
  2. Click CML2 in the navigation bar, and expand the Controller Software Upgrade item in the Maintenance section.
  3. Click the Upgrade Controller button and wait for the process to complete. Check the Upgrade Log Output for confirmation.
  4. If the System Administration Cockpit disconnects during the upgrade, click Reconnect and check the log output.
  5. Once the upgrade is complete, ensure no error or failure messages are generated in the Output area.
  6. Apply base OS software updates in the System Administration Cockpit (recommended).

Important: After completing the upgrade, advise all CML server users to clear their web browser caches before accessing the CML server again to prevent errors or other issues.

Applying Software Updates for the Base OS (Online Upgrades Only)

  1. Log into the System Administration Cockpit with the system administrator account.
  2. Click Services in the navigation bar, and then click the Targets tab.
  3. Scroll down to virl2.target, and click on it.
  4. Stop the services for this target by clicking the services menu and selecting Stop.
  5. Click Software Updates in the navigation bar.
  6. Click Install All Updates and wait for the process to complete.
  7. If a reboot is recommended, click Restart Now. Otherwise, restart the virl2.target.

Restarting virl2.target (if a reboot wasn’t required)

  1. Navigate to Services ‣ Targets ‣ virl2.target in the System Administration Cockpit.
  2. Click on the services menu and select Start to restart the services for this target.
  3. Once the services are running, the Status will change to Active or Running.
