Cisco patches serious flaw for ASR 9000 series routers

According to a report released by Cisco, the company has patched a critical flaw in its ASR 9000 Series Aggregation Services Routers that targets the Cisco IOS XR 64-bit Software. The flaw in question, (CVE-2019-1710), allows for a remote attacker to gain access to applications found internally within a sysadmin virtual machine (among other issues). Earning a Common Vulnerability Scoring System (CVSS) score of 9.8, the exploit is about as serious as flaws get (hence, Cisco rushing out the patch).

The following statement in the advisory explains what exactly caused the flaw and how damaging it can be:

The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device.

There is a detailed workaround that is shown in extensive detail via the advisory. (It is also not the first time Cisco has employed a workaround strategy to quickly close an exploit.) In essence, the workaround involves accessing the sysadmin VM and using bash to edit the calvados_bootstrap.cfg file. While this is a workaround, the patch is probably the easier (RE: less headache-inducing) method of closing this flaw as one line of coded mistake in bash can botch the workaround. In order to employ the patch, a sysadmin will need to download the update released for the IOS XR 64-bit software found in the ASR 9000 series routers.

According to the advisory, there have been no known cases of the exploit being employed in the wild (though this could be subject to change now that the advisory is public). The most likely reason for this is that Cisco discovered the flaw in the ASR 9000 series routers “during internal security testing.” The logic makes sense as a third party white hat finding the flaw would imply that malicious hackers could also find it (and exploit it). Finding it in an internal security test means that the likelihood of outside forces finding the flaw first is less (though not impossible).

In any case, make sure to patch as soon as possible if your company utilizes the ASR 9000 series routers.

Featured image: Cisco

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter
Tags Cisco

Recent Posts

Google faces probe for GDPR data protection violations

In what may be a landmark case, Google faces a hefty fine if it is found guilty of violating GDPR…

15 hours ago

IT security practices that have stood the test of time

Sometimes, old wisdom is the best wisdom. Protect your data with these IT security best practices that have proven effective…

19 hours ago

Xtreme Podcast: Has Big Data been overshadowed by dark data?

Today’s Xtreme Podcast: Shining a light on dark data, legacy security tools, and hacking stats that will leave you more…

21 hours ago

Cryptojacking: Don't let your system perform for someone else

In most cyberattacks, hackers want you to know you’ve been compromised. But in cryptojacking, hackers want you to live in…

2 days ago

System feeling down? Architect your enterprise apps for high availability

Businesses want to improve uptime, and optimizing every part of their technology stack for high availability is a significant step…

2 days ago

10 hacking stats every business leader and IT pro must know

Cybercrime is bad and getting worse. Yes, these 10 hacking stats will scare you, but knowing about them can help…

2 days ago