Cisco has rushed out patches for a critical vulnerability in its ASR 9000 routers that could give remote, unauthenticated attackers access to the devices – as well as the power to launch denial-of-service (DoS) attacks against them.
The flaw is specifically in Cisco Aggregation Services Routers (ASR) 9000 Series, Cisco’s popular carrier Ethernet router intended for service applications. The vulnerability could allow an unauthenticated, remote attacker to access internal applications on the sysadmin virtual machine for the router, according to a Wednesday advisory.
“An attacker could exploit this vulnerability by connecting to one of the listening internal applications,” the advisory stated. “A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device.”
The vulnerability (CVE-2019-1710) has a CVSS score of 9.8, making it critical in severity.
Specifically, Cisco ASR 9000 routers have an issue where the internal sysadmin applications are incorrectly isolated in the secondary management interface. ASR 9000 routers that are running Cisco IOS XR 64-bit software and that have the secondary management interface are impacted.
That means an attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both DoS and remote unauthenticated access to the device.
Cisco said that the vulnerability was discovered during internal security testing, and that it is not aware of any exploits.
Cisco has urged users to upgrade to the Cisco IOS XR 64-bit software as soon as possible: “This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device,” it said.
Cisco on Wednesday also revealed that exploit code for a previously-disclosed critical remote code execution vulnerability was now available. The critical flaw (CVE-2017-3881) was previously disclosed in March 2017 and exists in the Cisco Cluster Management Protocol used in Cisco IOS and IOS XE software.
“A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges,” according to Cisco.
Cisco has released patches for the flaw – but the exploit code was made available by a security researcher on April 10, according to Cisco.
“The Cisco Product Security Incident Response Team (PSIRT) is aware of exploitation of the vulnerability that is described in this advisory,” according to Cisco.
Earlier in April, Cisco re-patched flaws for two high-severity bugs affecting its RV320 and RV325 routers after a botched first attempt at fixing them. The company also reported two new medium-severity router bugs impacting the same router models – and with no reported fixes or workarounds.
Don’t miss our free Threatpost webinar, “Data Security in the Cloud,” on April 24 at 2 p.m. ET.
A panel of experts will join Threatpost senior editor Tara Seals to discuss how to lock down data when the traditional network perimeter is no longer in place. They will discuss how the adoption of cloud services presents new security challenges, including ideas and best practices for locking down this new architecture; whether managed or in-house security is the way to go; and ancillary dimensions, like SD-WAN and IaaS.