{"id":248300,"date":"2023-09-10T04:03:25","date_gmt":"2023-09-10T08:03:25","guid":{"rendered":"https:\/\/sftarticles.wpenginepowered.com\/es\/?p=305906"},"modified":"2025-07-01T18:16:43","modified_gmt":"2025-07-02T01:16:43","slug":"cisco-detects-serious-vulnerabilities-in-oas","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/cisco-detects-serious-vulnerabilities-in-oas\/","title":{"rendered":"Cisco detects serious vulnerabilities in OAS"},"content":{"rendered":"\n<p>Don&#8217;t worry if you don&#8217;t know what OAS is. Or you do. <strong>OAS (Open Automation Software) is a platform widely used in industrial operations <\/strong>and large-scale business environments, so it&#8217;s not necessarily going to affect you directly. <a href=\"https:\/\/en.softonic.com\/articles\/elon-musk-wants-you-to-give-him-more-personal-data-for-using-twitter\" target=\"_blank\" rel=\"noreferrer noopener\">Unless you&#8217;re Elon Musk<\/a>, of course. <strong>With cross-platform access and integration capabilities, a vulnerability in this system can be catastrophic<\/strong> on several levels, and that is exactly what Cisco has detected.<\/p>\n\n\n\n<p>A few days ago, <strong>researchers from Talos (a cybersecurity company that is a subsidiary of Cisco) disclosed a total of eight vulnerabilities<\/strong> that were found in the OAS engine management system, which would allow users to save configurations to disk and install them on other devices.<strong> Three of these vulnerabilities have been rated as highly severe.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A great danger for the platform<\/h2>\n\n\n\n<p><strong>The most important vulnerabilities found are CVE-2023-31242 and CVE-2023-34998<\/strong>, two authentication flaws that can be exploited relatively easily through pre-designed requests specifically for that purpose. Thus, <strong>an attacker could send a request to check if unauthenticated access is possible <\/strong>and thus create new users, change configurations, and potentially gain access to the entire system.<\/p>\n\n\n\n<p><strong>Another major vulnerability would allow an attacker to get hold of administrator credentials and use them for his own purposes.<\/strong> The attacker could thus gain direct access to profile creation and, likewise, access to the entire system.<\/p>\n\n\n\n<p>Cisco has already warned that<strong> there is another vulnerability that also allows the system to be taken over<\/strong>, although this time through a validation bug in the user creation functionality.<\/p>\n\n\n\n<p><strong>Fortunately all these v<\/strong>ulnerabilities were found by Cisco and not by an attacker, so the security flaws they have caused are being quickly fixed and by version 19,000,000 will have been fully corrected.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Don&#8217;t worry if you don&#8217;t know what OAS is. Or you do. OAS (Open Automation Software) is a platform widely used in industrial operations and large-scale business environments, so it&#8217;s not necessarily going to affect you directly. Unless you&#8217;re Elon Musk, of course. With cross-platform access and integration capabilities, a vulnerability in this system can &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/cisco-detects-serious-vulnerabilities-in-oas\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Cisco detects serious vulnerabilities in OAS&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9286,"featured_media":248302,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":1},"categories":[],"tags":[5224],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-248300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-fallo-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/248300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9286"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=248300"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/248300\/revisions"}],"predecessor-version":[{"id":318029,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/248300\/revisions\/318029"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/248302"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=248300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=248300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=248300"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=248300"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=248300"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=248300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}