Cisco patches serious flaw for ASR 9000 series routers

According to a report released by Cisco, the company has patched a critical flaw in its ASR 9000 Series Aggregation Services Routers that targets the Cisco IOS XR 64-bit Software. The flaw in question, (CVE-2019-1710), allows for a remote attacker to gain access to applications found internally within a sysadmin virtual machine (among other issues). Earning a Common Vulnerability Scoring System (CVSS) score of 9.8, the exploit is about as serious as flaws get (hence, Cisco rushing out the patch).

The following statement in the advisory explains what exactly caused the flaw and how damaging it can be:

The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device.

There is a detailed workaround that is shown in extensive detail via the advisory. (It is also not the first time Cisco has employed a workaround strategy to quickly close an exploit.) In essence, the workaround involves accessing the sysadmin VM and using bash to edit the calvados_bootstrap.cfg file. While this is a workaround, the patch is probably the easier (RE: less headache-inducing) method of closing this flaw as one line of coded mistake in bash can botch the workaround. In order to employ the patch, a sysadmin will need to download the update released for the IOS XR 64-bit software found in the ASR 9000 series routers.

According to the advisory, there have been no known cases of the exploit being employed in the wild (though this could be subject to change now that the advisory is public). The most likely reason for this is that Cisco discovered the flaw in the ASR 9000 series routers “during internal security testing.” The logic makes sense as a third party white hat finding the flaw would imply that malicious hackers could also find it (and exploit it). Finding it in an internal security test means that the likelihood of outside forces finding the flaw first is less (though not impossible).

In any case, make sure to patch as soon as possible if your company utilizes the ASR 9000 series routers.

Featured image: Cisco

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter
Tags Cisco

Recent Posts

How do you create the right DevOps culture in your organization?

Adding DevOps to your business is not enough. You must also create a successful DevOps culture. Here’s some ideas to…

2 hours ago

How to assign network security groups in Azure using PowerShell

Azure network security groups are essential to protect the traffic in any subnet within a virtual network. Here’s more on…

18 hours ago

Intel next-gen Cooper Lake CPU delivers 56 processor cores

Intel says its next-gen Cooper Lake processors will deliver “breakthrough platform performance” with built-in AI training acceleration.

23 hours ago

Lock it down: Securing and protecting your IoT network

Even the slightest misconfiguration of an IoT network can serve as a point of entry for cyberattacks, security breaches, data…

1 day ago

Using Desktop Analytics to ease Windows update headaches

Microsoft Desktop Analytics has the potential to greatly simplify the preparation for future Windows 10 update releases. Here’s more on…

4 days ago

Microsoft unveils preview version of Azure Dedicated Host

Microsoft’s new Azure Dedicated Host will help organizations run their Linux and Windows virtual machines on single-tenant physical servers.

4 days ago