Cisco whispers the three little words to really get an ASR 9000 net admin's blood pumping: Remote unauthenticated access

Critical patch available now for those with vulnerable kit


Cisco has issued a security patch for a flaw in some of its routers that can be exploited by miscreants to potentially rifle through telecommunications networks.

Switchzilla says the vulnerable kit – the ASR 9000, a family of high-end gear aimed at carrier and telco edge deployments – can, in certain circumstances, be hijacked by unauthenticated hackers if they can reach it across the internet or internal network.

According to the US tech giant, the flaw lies within the system administration virtual machine used by the devices' IOS XR 64-bit operating system:

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.

The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device.

It went on to clarify:

This vulnerability affects Cisco ASR 9000 Series Aggregation Services Routers that are running an affected version of Cisco IOS XR 64-bit Software and have the secondary management interface (physically MGT LAN 1 on the route switch processor (RSP)) connected and configured.

The best way to address the flaw is to install the latest version of the IOS XR firmware (6.5.3 or 7.0.1). The update is available for free to organizations running a supported and previously or currently licensed version of IOS.

Admins who are unable to get the patch can also lock down their routers by editing the calvados_bootstrap.cfg file within the sysadmin VM:

#CTRL_VRF=0
#MGMT_VRF=2

should be changed to:

CTRL_VRF=0
MGMT_VRF=2
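As an added illustration (not from the article or from Cisco), the following Python checks a copy of the calvados_bootstrap.cfg contents for the commented-out VRF lines the advisory describes and produces the corrected text. It assumes the simple key=value-with-#-comments format shown above and operates on file text you supply, not on the router itself.

```python
import re

# Mitigation lines quoted in the Cisco advisory for CVE-2019-1710: the two
# VRF settings must be present and NOT commented out in calvados_bootstrap.cfg.
REQUIRED = {"CTRL_VRF": "0", "MGMT_VRF": "2"}
# Assumed line format: optional '#', KEY=VALUE (matches the advisory snippet).
KV_RE = re.compile(r"^\s*(#\s*)?([A-Z_]+)\s*=\s*(\S+)\s*$")


def parse_cfg(text):
    """Return {key: (value, commented)} for every key=value line, commented or not."""
    found = {}
    for line in text.splitlines():
        m = KV_RE.match(line)
        if m:
            found[m.group(2)] = (m.group(3), m.group(1) is not None)
    return found


def check_mitigation(text):
    """Return a list of problems; an empty list means the workaround is in place."""
    found = parse_cfg(text)
    problems = []
    for key, want in REQUIRED.items():
        if key not in found:
            problems.append(f"{key} missing")
            continue
        value, commented = found[key]
        if commented:
            problems.append(f"{key} is commented out")
        elif value != want:
            problems.append(f"{key}={value}, expected {want}")
    return problems


def apply_mitigation(text):
    """Uncomment the two VRF lines (or append them) without touching other lines."""
    out, seen = [], set()
    for line in text.splitlines():
        m = KV_RE.match(line)
        if m and m.group(2) in REQUIRED:
            out.append(f"{m.group(2)}={REQUIRED[m.group(2)]}")
            seen.add(m.group(2))
        else:
            out.append(line)
    for key, want in REQUIRED.items():
        if key not in seen:
            out.append(f"{key}={want}")
    return "\n".join(out) + "\n"


# Constructed sample of the vulnerable state shown in the advisory (not a real file).
SAMPLE = "# sysadmin VM bootstrap\n#CTRL_VRF=0\n#MGMT_VRF=2\nOTHER=1\n"

if __name__ == "__main__":
    print(check_mitigation(SAMPLE))
    print(apply_mitigation(SAMPLE), end="")
```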

Cisco notes that no other router models or firmware versions are vulnerable, and no attacks on the flaw have been reported in the wild yet. Cisco credits its own internal testing for discovering the flaw, designated CVE-2019-1710.

In a separate bulletin, Cisco notified admins that a 2017 vulnerability in IOS was among those exploited by the Sea Turtle hacker crew behind DNS-based cyber-attacks on the Middle East and North Africa. ®



Biting the hand that feeds IT © 1998–2022