The network appliances manufacturer giant Cisco published an advisory on 19 April 2022 in which Cisco detailed an authentication bypass vulnerability in Cisco Modeling Labs, a network simulation and visualization tool developed by Cisco Systems. The vulnerability tracked as CVE-2023-20154 is a Critical severity vulnerability with a CVSS score of 9.1 out of 10. The flaw is in the external authentication mechanism of Cisco Modeling Labs that allows an unauthenticated, but unprivileged, remote attacker to bypass authentication and log in to the web management interface of an affected device with administrative privileges. Since this flaw allows the attacker to access the web interface with administrative privileges, it is most important to fix the CVE-2023-20154 vulnerability. Let’s see how to fix CVE-2023-20154, an authentication bypass vulnerability in Cisco Modeling Labs.
Short Introduction About Cisco Modeling Labs
Cisco Modeling Labs (CML) is a network simulation and visualization tool developed by Cisco Systems. It allows network engineers and administrators to create virtual network environments to test and validate complex network scenarios, configurations, and designs.
CML is designed to simulate multiple network devices, such as routers, switches, firewalls, and servers, allowing users to configure and test their behavior in a virtual environment before implementing changes in the live network. The software supports a range of network protocols and technologies, including IPv4, IPv6, BGP, OSPF, MPLS, VPN, and many others.
CML provides an intuitive graphical user interface that enables users to create and manage virtual network topologies with ease. It also includes a comprehensive set of tools and features for network modeling, testing, and troubleshooting, such as packet capturing, protocol analysis, and network performance monitoring.
Summary of CVE-2023-20154
This is an critical authentication bypass vulnerability in Cisco Modeling Labs. The vulnerability is due to the improper handling of specific messages returned by the associated external authentication server. This vulnerability could be exploited by logging in to the web interface of an affected server. The flaw allows an authenticated, remote attacker not only to bypass authentication but also to access and modify every simulation.
|Associated CVE ID||CVE-2023-20154|
|Description||A Critical Severity Authentication Bypass Vulnerability in Cisco Modeling Labs|
|Associated ZDI ID||–|
|CVSS Score||9.1 critical|
|Attack Vector (AV)||None|
|Attack Complexity (AC)||Low|
|Privilege Required (PR)||None|
|User Interaction (UI)||None|
Cisco Modeling Labs Affected by CVE-2023-20154
The vulnerability affects the following Cisco products configured with LDAP authentication:
- Modeling Labs for Education
- Modeling Labs Enterprise
- Modeling Labs – Not For Resale
To check if LDAP authentication is configured on your Cisco Modeling Labs, log in and navigate to Tools > System Administration > User Authentication. For more information, refer to the Configuring LDAP Authentication guide.
Cisco has confirmed that Modeling Labs – Personal and Modeling Labs – Personal Plus are not affected by this vulnerability.
How to Fix CVE-2023-20154- An Authentication Bypass Vulnerability in Cisco Modeling Labs?
Cisco has released software updates addressing this vulnerability, and workarounds are available. The table below shows Cisco Modeling Labs software releases and whether they are affected by this vulnerability, as well as the first release containing the fix for this vulnerability. Customers are advised to upgrade to a fixed software release as indicated:
|Cisco Modeling Labs Release||First Fixed Release|
|2.2 and earlier||Not vulnerable|
|2.3||Migrate to a fixed release|
|2.4||Migrate to a fixed release|
We recommend to upgrade to v2.5.1 to fix the CVE-2023-20154 vulnerability.
Before we discuss about the available workaround, let’s see the specific condition required to exploit the CVE-2023-20154 vulnerability.
The vulnerability can only be exploited under specific conditions determined by the associated LDAP authentication server’s response to authentication queries from Cisco Modeling Labs. If the LDAP server is configured to reply to search queries with a non-empty array of matching entries (containing search result reference entries), the authentication bypass vulnerability can be exploited. Only the LDAP server administrator can verify and change this behavior, as it cannot be influenced by an attacker.
Administrators can address this vulnerability by verifying the LDAP authentication server configuration, making sure that failing search queries do not return non-empty matching result arrays. Methods for achieving this depend on the deployed LDAP server. For further guidance, consult the documentation for your specific LDAP installation.
How to Upgrade Cisco Modeling Labs?
Upgrading your existing Cisco Modeling Labs (CML) installation to the latest release is crucial to take advantage of new features and improvements. In this guide, we’ll walk you through the process of upgrading your CML installation seamlessly. Please note that to upgrade to the latest CML release, your existing instance must be CML 2.3.0 or higher. Please refer to official installation or upgradation guide for more details.
Preparing for the Upgrade
- Check Release Notes: Always review the Release Notes for Cisco Modeling Labs to ensure an in-place upgrade is supported from your current release.
- Backup Modifications: If you’ve made custom changes to your system (copying images, altering configuration files, etc.), back up those changes before starting the upgrade.
- Download Upgrade Files: Download the pkg.zip file or the .deb file for the CML controller to your local machine. Refer to the “Downloading Files for CML Installation” section for more details on acquiring these files.
Performing the In-Place Upgrade
Follow these steps to perform an in-place upgrade of your CML installation:
Step 1: Extract the Files (if applicable)
- If you have a .zip file, use appropriate tools (7-Zip or WinZip for Windows, Archive Utility app or unzip CLI command for macOS) to extract its contents.
Step 2: Verify the File Signature (Optional)
- If you downloaded the pkg.zip file, follow the instructions in the pkg.README file to verify the .pkg file’s signature.
CML Controller Upgrade – CML UI Steps
- Log into the CML server UI.
- Navigate to Tools ‣ System Upgrade on the Lab Manager page.
- Click the Browse button, select the upgrade package (cml2_2.3.1_build29_amd64.pkg or cml2_2.3.1_build29_amd64.deb), and click Upload Image.
- Click the “using Cockpit” link to open the System Administration Cockpit.
CML Controller Upgrade – System Administration Cockpit Steps
- Log into the System Administration Cockpit with the system administrator account.
- Click CML2 in the navigation bar, and expand the Controller Software Upgrade item in the Maintenance section.
- Click the Upgrade Controller button and wait for the process to complete. Check the Upgrade Log Output for confirmation.
- If the System Administration Cockpit disconnects during the upgrade, click Reconnect and check the log output.
- Once the upgrade is complete, ensure no error or failure messages are generated in the Output area.
- Apply base OS software updates in the System Administration Cockpit (recommended).
Important: After completing the upgrade, advise all CML server users to clear their web browser caches before accessing the CML server again to prevent errors or other issues.
Applying Software Updates for the Base OS (Online Upgrades Only)
- Log into the System Administration Cockpit with the system administrator account.
- Click Services in the navigation bar, and then click the Targets tab.
- Scroll down to virl2.target, and click on it.
- Stop the services for this target by clicking the services menu and selecting Stop.
- Click Software Updates in the navigation bar.
- Click Install All Updates and wait for the process to complete.
- If a reboot is recommended, click Restart Now. Otherwise, restart the virl2.target.
Restarting virl2.target (if a reboot wasn’t required)
- Navigate to Services ‣ Targets ‣ virl2.target in the System Administration Cockpit.
- Click on the services menu and select Start to restart the services for this target.
- Once the services are running, the Status will change to Active or Running.
We hope this post would help you know how to fix CVE-2023-20154, an authentication bypass vulnerability in Cisco Modeling Labs. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
Frequently Asked Questions
Cisco Modeling Labs (CML) is a network simulation and visualization tool developed by Cisco Systems. It enables network engineers and administrators to create virtual network environments for testing and validating complex network scenarios, configurations, and designs.
CVE-2023-20154 is a critical authentication bypass vulnerability in Cisco Modeling Labs with a CVSS score of 9.1 out of 10. The flaw is in the external authentication mechanism of CML, which allows an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device with administrative privileges.
The vulnerability affects Cisco Modeling Labs products configured with LDAP authentication, including Modeling Labs for Education, Modeling Labs Enterprise, and Modeling Labs – Not For Resale. Cisco Modeling Labs – Personal and Modeling Labs – Personal Plus are not affected.
To check if your Cisco Modeling Labs instance is affected, log in and navigate to Tools > System Administration > User Authentication to see if LDAP authentication is configured. Refer to the Configuring LDAP Authentication guide for more information.
To fix CVE-2023-20154, upgrade your Cisco Modeling Labs instance to the first fixed release indicated in the software release table provided by Cisco. For instance, if your CML version is 2.5, upgrade to 2.5.1. Follow the steps in the “How to Upgrade Cisco Modeling Labs” section for guidance on upgrading your instance.
Yes, a workaround is available. Administrators can address the vulnerability by verifying the LDAP authentication server configuration and ensuring that failing search queries do not return non-empty matching result arrays. Consult the documentation for your specific LDAP installation for guidance on achieving this.
To upgrade your Cisco Modeling Labs instance, follow the steps provided in the “How to Upgrade Cisco Modeling Labs” section, which includes preparing for the upgrade, performing the in-place upgrade, and applying software updates for the base OS.