Monday, December 4, 2023

Critical Flaw in Cisco IOS Routers Let Remote Hackers Take Complete Control of the Systems

Cisco has recently announced fixes for a large number of vulnerabilities in Cisco IOS routers, including more than a dozen that affect the company's industrial routers and switches.

In total, 25 vulnerabilities of high and critical severity were fixed in IOS and IOS XE.

The company has also published a number of other advisories for problems of high and medium severity affecting IOS and other software.

One of the most serious critical issues is CVE-2020-3205, which allows an unauthenticated attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.

An attacker can exploit this flaw simply by sending specially crafted packets to the victim's device, and a successful attack can lead to a complete compromise of the system.

Another critical vulnerability, CVE-2020-3198, is similar to the first one: it allows an unauthenticated attacker to remotely execute arbitrary code on the vulnerable system, or to crash and reboot the device, by sending malicious packets to it.

These issues affect the Cisco ISR 809 and 829 Industrial Routers and the 1000 Series CGRs as well.

Cisco has also rated CVE-2020-3227 as critical; it is no less dangerous than the previous ones, as it scored 9.8 out of 10 on the CVSS scale.

CVE-2020-3227: Software Privilege Escalation Vulnerability

CVE-2020-3227 is caused by weak authorization controls in the Cisco IOx application hosting infrastructure of Cisco IOS XE.

The bug allows an attacker without credentials or authorization to access the Cisco IOx API and execute commands remotely.


IOx does not correctly handle requests for authorization tokens, and as a result an attacker can use specific API commands to request a token and then execute arbitrary commands on the affected device.

Cisco has released software updates that address this vulnerability; there are no workarounds that mitigate it.

As for the affected products, Cisco has confirmed that Cisco IOS XE Software release 16.3.1 is affected by this flaw.


CVE-2020-3205: VM Channel Command Injection Vulnerability

The CVE-2020-3205 flaw is present in the inter-VM channel of Cisco IOS Software for the Cisco 809, Cisco 829, and Cisco 1000 Series routers (CGR1000), which are built on a hypervisor architecture. It could allow an unauthenticated attacker to execute arbitrary shell commands on the VDS of the affected device.


An attacker could exploit this flaw by sending malicious packets to the victim's device.

If the exploit succeeds, the attacker can execute arbitrary commands with root privileges in the context of the Linux shell of the VDS.

This could also lead to a complete system compromise. Cisco has released software updates to address this vulnerability; no workarounds are currently available.

Cisco has confirmed that this flaw affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).

CVE-2020-3198: Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

In the case of CVE-2020-3198, an attacker can trigger a router crash or restart by sending specially crafted UDP packets to port 9700 over IPv4 or IPv6. Cisco has rated this vulnerability 9.8 out of 10 points as well.
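From a defender's side, the concrete detail in this section (unsolicited UDP traffic to port 9700 on an industrial router) is something a network monitoring rule can flag while patches are rolled out. The following is an added example, not code from the article or from Cisco: it parses constructed flow-log lines in a simplified format, and raises an alert when UDP traffic to a watched port (9700 here) reaches an address in an assumed inventory of industrial routers from a source outside an assumed trusted management network. The log format, addresses, and network ranges are all made up for the example.

```python
import ipaddress
import re

# Constructed sample flow records (not real traffic). Format:
# "<timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> bytes=<n>"
# IPv6 addresses are written in brackets, e.g. "[2001:db8::1]:9700".
SAMPLE_FLOWS = """\
2020-06-03T10:15:01Z UDP 10.20.1.15:41000 -> 10.20.1.1:9700 bytes=120
2020-06-03T10:15:02Z UDP 198.51.100.7:5353 -> 10.20.1.1:9700 bytes=480
2020-06-03T10:15:03Z TCP 198.51.100.7:50122 -> 10.20.1.1:22 bytes=2100
2020-06-03T10:15:04Z UDP 203.0.113.9:6000 -> [2001:db8::1]:9700 bytes=96
2020-06-03T10:15:05Z UDP 10.20.1.16:41001 -> 10.20.1.2:161 bytes=80
"""

# Assumed inventory of industrial routers (ISR 809/829, CGR1000) by address.
INDUSTRIAL_ROUTERS = {"10.20.1.1", "10.20.1.2", "2001:db8::1"}

# Assumed trusted management network; traffic from here is expected.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# UDP ports the advisory text ties to CVE-2020-3198 (9700).
WATCHED_UDP_PORTS = {9700}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\S+) (?P<src>\S+) -> (?P<dst>\S+) bytes=(?P<bytes>\d+)$"
)


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (normalized_host, port)."""
    if endpoint.startswith("["):
        host, port = endpoint[1:].split("]:", 1)
    else:
        host, port = endpoint.rsplit(":", 1)
    return str(ipaddress.ip_address(host)), int(port)


def is_trusted_source(host):
    """True when the source address lies inside an allowlisted network."""
    addr = ipaddress.ip_address(host)
    # ip_network.__contains__ returns False for a mismatched IP version,
    # so mixed IPv4/IPv6 checks are safe here.
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious(log_text):
    """Return alert dicts for UDP flows to watched ports on industrial
    routers that originate outside the trusted management network."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole batch
        if m["proto"].upper() != "UDP":
            continue
        src_host, _ = split_endpoint(m["src"])
        dst_host, dst_port = split_endpoint(m["dst"])
        if dst_host not in INDUSTRIAL_ROUTERS or dst_port not in WATCHED_UDP_PORTS:
            continue
        if is_trusted_source(src_host):
            continue
        alerts.append({
            "ts": m["ts"],
            "src": src_host,
            "dst": dst_host,
            "port": dst_port,
            "reason": "UDP to watched port on industrial router from untrusted source",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_FLOWS):
        print(alert)
```

Run on the constructed records, the rule flags the two flows from 198.51.100.7 and 203.0.113.9 to port 9700 and ignores the flow from the trusted 10.20.0.0/16 range, the TCP/22 session, and the SNMP flow to port 161. In practice the inventory and allowlist would be loaded from the asset database rather than hard-coded, and the same function can be pointed at other ports by extending WATCHED_UDP_PORTS.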


CVE-2020-3258 received a score of 5.7 out of 10 and is a little less serious, but still severe. Exploitation is limited to a local user who already holds valid credentials at the highest privilege level; such a user can execute malicious code that manipulates the device's working memory and overwrites system memory.

This flaw also affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).

The other vulnerabilities were also rated high severity, as attackers can use them to escalate privileges via hard-coded credentials, cause denial of service, execute arbitrary shell commands, and load malicious firmware images.

However, exploiting these flaws requires authentication, local access, or features that are disabled by default. Some of the high severity vulnerabilities relate to IOx and allow attackers to write or modify arbitrary files, cause denial of service, and execute arbitrary code with elevated privileges.

The vulnerabilities rated medium severity affect Cisco industrial products and can be used by authenticated attackers for XSS attacks and to overwrite arbitrary files. Cisco has released the list of affected products, which includes:

  • Cisco 800 Industrial ISRs
  • Cisco 809 Industrial ISRs
  • Cisco 829 Industrial ISRs
  • CGR1000 (Cisco 1000 Series Connected Grid Routers)
  • IC3000 Industrial Compute Gateway
  • Industrial Ethernet (IE) 4000 series switches
  • Catalyst IE3400 secure series switches
  • IR510 WPAN routers

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.