Cisco warns over critical router flaw

Admins with Cisco ASR 9000 Series routers need to urgently address a remotely exploitable flaw.

Who needs the Dark Web when there's Facebook? 74 groups caught selling hacked data Researchers at Cisco Talos uncover 74 Facebook groups being used for illicit activity by hundreds of thousands of users. Read more: https://zd.net/2FWAerh

Cisco has disclosed 29 new vulnerabilities and is warning customers using its ASR 9000 Series Aggregation Services Routers to install an update to address a critical flaw that can be exploited remotely without user credentials. 

The ASR flaw with the identifier CVE-2019-1710 is the most severe of dozens of vulnerabilities Cisco has disclosed. The bug has a severity rating of 9.8 out of a possible 10. 

The flaw resides in the sysadmin virtual machine on an ASR router that's running a vulnerable version of Cisco IOS XR 64-bit Software. An attacker could use the flaw to access applications running on the VM. 

"The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications," explains Cisco. 

"An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device."

SEE: IT pro's guide to the evolution and impact of 5G technology (free PDF)

It notes that admins need to check whether a secondary interface in the IOS XR 64-bit software is connected.  

"If the secondary management interface is configured and connected, the device is vulnerable," Cisco said. 

The flaw only affects Cisco software running on ASR9000 Series Aggregation Services Routers but not other platforms. 

Cisco details a workaround but notes that it does have software updates to remedy the vulnerability. The issue is fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1. The patch effectively implements the workaround Cisco details, which involves running bash and editing the calvados_bootstrap.cfg file. 

The company has also issued alerts that two previously patched bugs are being exploited in a DNS hijacking campaign dubbed Sea Turtle. 

The remaining five high severity flaws were discovered by Cisco during internal testing. Three of them affect Cisco's Wireless LAN Controller software, another affects the Cisco Expressway Series and Cisco TelePresence Video Communication Server, and the fifth affects Cisco Aironet Series Access Points. Cisco said it was not aware of any of the high severity flaws being under attack.   

MORE ON CISCO AND NETWORKING