Friday, October 4, 2024

Critical Flaw in Cisco IOS Routers Let Remote Hackers Take Complete Control of the Systems


Cisco has announced fixes for many vulnerabilities in Cisco IOS routers, including more than a dozen that affect the company's industrial routers and switches.

In total, 25 vulnerabilities of high and critical severity were fixed in IOS and IOS XE.

The company has also published a number of other advisories on problems of high and medium severity affecting IOS and other software.


One of the most serious critical issues is CVE-2020-3205, which allows an unauthenticated attacker to execute arbitrary shell commands on the VDS of an affected device.

An attacker can exploit this flaw by sending specially crafted packets to the victim's device, and a successful attack can lead to a complete compromise of the system.

Another critical vulnerability, CVE-2020-3198, is similar to the first one.

It allows an unauthenticated attacker to remotely execute arbitrary code on the vulnerable system, or to cause the device to crash and then reboot, by sending malicious packets to it.

These issues affect the Cisco ISR 809 and 829 Industrial Routers and the 1000 Series CGRs as well.

Cisco also identified CVE-2020-3227 as critical; it is no less dangerous than the previous ones, as this flaw scored 9.8 out of 10 on the CVSS scale.

CVE-2020-3227: Software Privilege Escalation Vulnerability

CVE-2020-3227 is a flaw in the authorization controls of the Cisco IOx infrastructure in Cisco IOS XE.

The bug allows an attacker without credentials or authorization to access the Cisco IOx API and execute commands remotely.


IOx does not correctly handle requests for authorization tokens. As a result, an attacker can use a special API command to request a token and then execute arbitrary commands on the affected device.

Cisco has released software updates that address this vulnerability; there are no workarounds available for it.

As for affected products, Cisco has confirmed that Cisco IOS XE Software release 16.3.1 is affected by this flaw.


CVE-2020-3205: VM Channel Command Injection Vulnerability

CVE-2020-3205 is present in the inter-VM channel of Cisco IOS Software for the Cisco 809, Cisco 829, and Cisco 1000 Series (CGR1000) routers, which are built on a hypervisor architecture. It could allow an unauthenticated attacker to execute arbitrary shell commands on the VDS of the affected device.


An attacker could exploit this flaw by sending malicious packets to the victim's device.

A successful exploit allows the attacker to execute arbitrary commands with root privileges in the context of the Linux shell of the VDS.

This could lead to a complete system compromise. Cisco has released software updates that address this vulnerability; there are currently no workarounds for it.

Cisco has confirmed that this flaw affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).


CVE-2020-3198: Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

In the case of CVE-2020-3198, an attacker can trigger a router crash or restart. Exploitation requires only sending specially crafted UDP packets to port 9700 over IPv4 or IPv6, and Cisco has rated this vulnerability 9.8 out of 10.
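Because the attack surface described above is UDP port 9700 over IPv4 or IPv6, flow records give a quick exposure check. The following is an added example, not code from Cisco or from this article; the router inventory, trusted source ranges and flow-record format are constructed assumptions.

```python
import ipaddress

# Hypothetical inventory of affected routers (management address -> model from the article).
# All addresses are constructed and use documentation ranges.
AFFECTED_ROUTERS = {
    "192.0.2.10": "809",
    "192.0.2.11": "829",
    "2001:db8::10": "CGR1000",
}
# Assumed ranges that are allowed to reach the routers.
TRUSTED_SOURCES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/64")]

# Constructed flow records in an assumed format: "proto src dst dport packets".
SAMPLE_FLOWS = """\
udp 198.51.100.7 192.0.2.10 9700 3
udp 192.0.2.50 192.0.2.11 9700 12
tcp 198.51.100.7 192.0.2.10 9700 1
udp 2001:db8:ffff::1 2001:DB8::10 9700 40
udp 203.0.113.9 192.0.2.99 9700 5
udp 198.51.100.7 192.0.2.11 161 2
malformed line
"""

def is_trusted(addr):
    """True if addr falls inside any trusted network of the same IP version."""
    return any(addr.version == net.version and addr in net for net in TRUSTED_SOURCES)

def find_suspect_flows(text, port=9700):
    """Return (src, dst, model, packets) for UDP flows to `port` on an
    inventoried router that come from outside the trusted ranges."""
    # Parse inventory keys so IPv6 spellings (case, zero compression) compare equal.
    routers = {ipaddress.ip_address(k): v for k, v in AFFECTED_ROUTERS.items()}
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        proto, src, dst, dport, pkts = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport, pkts = int(dport), int(pkts)
        except ValueError:
            continue
        if proto.lower() != "udp" or dport != port:
            continue
        model = routers.get(dst_ip)
        if model and not is_trusted(src_ip):
            hits.append((src, str(dst_ip), model, pkts))
    return hits
```

A hit shows only that the port is reachable from an unexpected source; it is a prompt to prioritise patching that device, not proof of exploitation.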


CVE-2020-3258 received a score of 5.7 out of 10, so it is a little less serious, but it is still severe. Exploitation is limited to a local user who has valid login credentials for the highest security level; such an attacker can execute malicious code, manipulate the working memory of the device, and overwrite system memory.

This flaw affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).

The other vulnerabilities were also marked as severe, as attackers can use them to escalate privileges using hard-coded credentials, carry out DoS attacks, execute arbitrary shell commands, and download malicious firmware images.

However, exploiting these flaws requires authentication, local access, or features that are disabled by default. Some of the high-severity vulnerabilities are related to IOx; they allow attackers to write and modify arbitrary files, carry out DoS attacks, and execute arbitrary code with elevated rights.

Vulnerabilities marked as moderate severity affect Cisco industrial products and can be used by authenticated attackers to carry out XSS attacks and overwrite arbitrary files. Cisco has released the list of affected products, which includes:

  • Cisco 800 Industrial ISRs
  • Cisco 809 Industrial ISRs
  • Cisco 829 Industrial ISRs
  • CGR1000 (Cisco 1000 Series Connected Grid Routers)
  • IC3000 Industrial Compute Gateway
  • Industrial Ethernet (IE) 4000 series switches
  • Catalyst IE3400 secure series switches
  • IR510 WPAN routers

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.