The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.
Cisco has rushed out patches for a critical vulnerability in its ASR 9000 routers that could give remote, unauthenticated attackers access to the devices – as well as the power to launch denial-of-service (DoS) attacks against them.
The flaw is specifically in Cisco Aggregation Services Routers (ASR) 9000 Series, Cisco’s popular carrier Ethernet router intended for service applications. The vulnerability could allow an unauthenticated, remote attacker to access internal applications on the sysadmin virtual machine for the router, according to a Wednesday advisory.
“An attacker could exploit this vulnerability by connecting to one of the listening internal applications,” the advisory stated. “A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device.”
he vulnerability (CVE-2019-1710) has a CVSS score of 9.8, making it critical in severity.
Specifically, Cisco ASR 9000 routers have an issue where the internal sysadmin applications are incorrectly isolated in the secondary management interface. ASR 9000 routers that are running Cisco IOS XR 64-bit software and that have the secondary management interface are impacted.
That means an attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both DoS and remote unauthenticated access to the device.
Cisco said that the vulnerability was discovered during internal security testing, and that it is not aware of any exploits.
Cisco has urged users to upgrade to the Cisco IOS XR 64-bit software as soon as possible: “This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device,” it said.
Cisco on Wednesday also revealed that exploit code for a previously-disclosed critical remote code execution vulnerability was now available. The critical flaw (CVE-2017-3881) was previously disclosed in March 2017 and exists in the Cisco Cluster Management Protocol used in Cisco IOS and IOS XE software.
“A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges,” according to Cisco.
Cisco has released patches for the flaw – but the exploit code was made available by a security researcher on April 10, according to Cisco.
“The Cisco Product Security Incident Response Team (PSIRT) is aware of exploitation of the vulnerability that is described in this advisory,” according to Cisco.
Earlier in April, Cisco re-patched flaws for two high-severity bugs affecting its RV320 and RV325 routers after a botched first attempt at fixing them. The company also reported two new medium-severity router bugs impacting the same router models – and with no reported fixes or workarounds.