Cisco warns of critical error in ASR 9000 Series routers

Cisco has announced 29 new vulnerabilities and is alerting customers using ASR 9000 Series Aggregation Services Routers about a critical failure. The vulnerability can be exploited remotely, without the need for a password. The error will be solved with an update.

The ASR error is called CVE-2019-1710. According to ZDNet, it is one of the most serious vulnerabilities of the dozens that the company has announced. The error comes at a severity level of 9.8 out of 10. The error is in the sysadmin virtual machine on an ASR router, which runs a vulnerable version of Cisco IOS XR 64-bit Software. An attacker can use the error to access applications running on the virtual machine.

“The vulnerability is caused by incorrect isolation of the secondary management interface of internal sysadmin applications,” says the company. “An attacker can exploit this vulnerability by connecting one of the listening internal applications. A successful exploit can result in unstable conditions, including a DoS and remote unauthenticated access to the device.”

According to Cisco, administrators should check whether a secondary interface in the IOS XR 64-bit software is connected. If the secondary management interface is configured and connected, the device is vulnerable. The error affects only Cisco software running on the ASR9000 Aggregation Services Routers, but no other platforms.

Update

Cisco reports that it has released software updates to solve the vulnerability. The problem is solved in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1.

In addition, the company has issued warnings about two previously resolved issues, which are now being abused in a DNS hijacking campaign called Sea Turtle. The five other serious vulnerabilities were detected by Cisco during internal tests. Three of these are found in the Wireless LAN Controller software. A fourth is the Expressway Series and TelePresence Video Communication Server, and the fifth is Aironet Series Access Points.