Friday, May 24, 2024

Critical Flaw in Cisco IOS Routers Let Remote Hackers Take Complete Control of the Systems

Cisco has announced fixes for a large number of vulnerabilities in Cisco IOS routers, including more than a dozen that affect the company’s industrial routers and switches.

In total, 25 vulnerabilities of high and critical severity were fixed in IOS and IOS XE.

The company has also published a number of other advisories on high- and medium-severity problems affecting IOS and other software.

One of the most serious critical issues is CVE-2020-3205, which allows an unauthenticated attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected router.

An attacker can exploit this flaw simply by sending specially crafted packets to the victim’s device, and a successful attack can lead to complete compromise of the system.

Another critical vulnerability, CVE-2020-3198, is similar to the first one: it allows an unauthenticated attacker to remotely execute arbitrary code on the vulnerable system, or simply to crash and reboot the device, by sending malicious packets to it.

These issues affect the Cisco ISR 809 and 829 Industrial Routers and the 1000 Series CGRs as well.

Cisco also rated CVE-2020-3227 as critical; it is no less dangerous than the previous ones, scoring 9.8 out of 10 on the CVSS scale.

CVE-2020-3227: Software Privilege Escalation Vulnerability

CVE-2020-3227 is a flaw in the authorization controls of the Cisco IOx infrastructure in Cisco IOS XE. The bug allows an attacker without credentials or authorization to access the Cisco IOx API and execute commands remotely.


IOx does not correctly handle requests for authorization tokens; as a result, an attacker can use special API commands to request a token and then execute arbitrary commands on the affected device.

Cisco has released software updates that address this vulnerability; there are no workarounds for it.

As for affected products, Cisco has confirmed that Cisco IOS XE Software release 16.3.1 is affected by this flaw.


CVE-2020-3205: VM Channel Command Injection Vulnerability

The CVE-2020-3205 flaw is present in the inter-VM channel of Cisco IOS Software for the Cisco 809, Cisco 829, and Cisco 1000 Series routers (CGR1000), which are built on a hypervisor architecture. It could allow an unauthenticated attacker to execute arbitrary shell commands on the VDS of the affected device.


An attacker could exploit this flaw by sending malicious packets to the victim’s device.

A successful exploit would let the attacker execute arbitrary commands with root privileges in the context of the VDS Linux shell.

This could lead to complete system compromise. Cisco has released software updates that address this vulnerability; no workarounds are currently available.

Cisco has confirmed that this flaw affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).


CVE-2020-3198: Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

In the case of CVE-2020-3198, an attacker can trigger a router crash or restart simply by sending specially crafted UDP packets to port 9700 over IPv4 or IPv6. Cisco has rated this vulnerability 9.8 out of 10.
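For defenders who cannot patch immediately, one useful signal is unexpected UDP traffic to port 9700 aimed at the industrial routers. The following Python snippet is an added illustration, not code from the article or from Cisco: it scans constructed, syslog-style firewall log lines and flags UDP datagrams sent to port 9700 on addresses taken from a hypothetical inventory of affected routers, over both IPv4 and IPv6. The log format, the inventory addresses and all function names are assumptions; the only value taken from the article is the port number.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed inventory (not from the article): management addresses of the
# industrial routers we want to watch. Replace with your own asset list.
ROUTER_INVENTORY = {
    ipaddress.ip_address("10.20.0.5"),        # hypothetical Cisco 829 ISR
    ipaddress.ip_address("10.20.0.6"),        # hypothetical CGR1000
    ipaddress.ip_address("2001:db8:20::5"),   # hypothetical dual-stacked 809 ISR
}

# The UDP port named in the CVE-2020-3198 summary above.
SUSPECT_UDP_PORT = 9700

# Constructed key=value log format (loosely syslog-like). Real firewall
# syntax differs; only this regex needs to change to adapt it.
# IPv6 addresses are written in brackets, e.g. src=[2001:db8::1]:40000.
_LOG_RE = re.compile(
    r"proto=(?P<proto>\w+)\s+"
    r"src=\[?(?P<src>[0-9a-fA-F:.]+)\]?:(?P<sport>\d+)\s+"
    r"dst=\[?(?P<dst>[0-9a-fA-F:.]+)\]?:(?P<dport>\d+)"
)

# Constructed sample log lines for the demonstration.
SAMPLE_LOG = [
    "2024-05-24T10:01:02Z fw1 ALLOW proto=udp src=198.51.100.7:40123 dst=10.20.0.5:9700 len=96",
    "2024-05-24T10:01:03Z fw1 ALLOW proto=tcp src=198.51.100.7:40124 dst=10.20.0.5:22 len=60",
    "2024-05-24T10:01:04Z fw1 ALLOW proto=udp src=[2001:db8:dead::7]:40125 dst=[2001:db8:20::5]:9700 len=96",
    "2024-05-24T10:01:05Z fw1 ALLOW proto=udp src=198.51.100.9:5353 dst=10.20.0.99:9700 len=96",
    "2024-05-24T10:01:06Z fw1 DENY garbage line without the expected fields",
]


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    dport: int
    line: str


def parse_line(line):
    """Return (proto, src, sport, dst, dport) or None if the line does not parse."""
    m = _LOG_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])   # validates both IPv4 and IPv6
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    return m["proto"].upper(), src, int(m["sport"]), dst, int(m["dport"])


def find_suspect_traffic(lines, inventory=ROUTER_INVENTORY, port=SUSPECT_UDP_PORT):
    """Flag UDP datagrams to `port` whose destination is a monitored router."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # unparseable lines are skipped, not fatal
        proto, src, _sport, dst, dport = parsed
        if proto == "UDP" and dport == port and dst in inventory:
            alerts.append(Alert(str(src), str(dst), dport, line.strip()))
    return alerts


def summarize_by_source(alerts):
    """Count flagged datagrams per source address, to spot repeated senders."""
    counts = {}
    for a in alerts:
        counts[a.src] = counts.get(a.src, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_suspect_traffic(SAMPLE_LOG)
    for h in hits:
        print(f"UDP/{h.dport} from {h.src} to monitored router {h.dst}")
    print("per-source counts:", summarize_by_source(hits))
```

A hit is an indicator, not proof of exploitation: the article does not say what service listens on UDP 9700, so baseline the normal traffic to that port before alerting on it, and treat the rule as a stop-gap until the affected routers are updated.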


CVE-2020-3258 received a score of 5.7 out of 10; it is a little less serious, but still severe. Exploiting it lets an attacker execute malicious code, but only as a local user who also holds valid login credentials for the highest security level. Such an attacker could then manipulate the working memory of the device and overwrite system memory.

This flaw affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).

The other vulnerabilities were also marked as severe, as attackers could use them to escalate privileges via hard-coded credentials, mount DoS attacks, execute arbitrary shell commands, and download malicious firmware images.

However, exploiting these flaws requires authentication, local access, or features that are disabled by default. Some of the high-severity vulnerabilities relate to IOx: they allow attackers to write and modify arbitrary files, mount DoS attacks, and execute arbitrary code with elevated privileges.

Vulnerabilities marked as moderate severity affect Cisco industrial products and can be used by authenticated attackers for XSS attacks and to overwrite arbitrary files. Cisco has released the list of affected products, which includes:

  • Cisco 800 Industrial ISRs
  • Cisco 809 Industrial ISRs
  • Cisco 829 Industrial ISRs
  • CGR1000 (Cisco 1000 Series Connected Grid Routers)
  • IC3000 Industrial Compute Gateway
  • Industrial Ethernet (IE) 4000 series switches
  • Catalyst IE3400 secure series switches
  • IR510 WPAN routers

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.