Friday, March 29, 2024

Critical Flaw in Cisco IOS Routers Let Remote Hackers Take Complete Control of the Systems

Cisco has released fixes for a batch of vulnerabilities in Cisco IOS and IOS XE Software, including more than a dozen that affect the company's industrial routers and switches.

In total, 25 vulnerabilities of high and critical severity were addressed in IOS and IOS XE.

The company also published a number of other advisories on high- and medium-severity issues affecting IOS and other software.

One of the most serious critical issues is CVE-2020-3205, which allows an unauthenticated attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.

An attacker can exploit this flaw by sending specially crafted packets to the device; a successful attack can lead to a complete compromise of the system.

Another critical vulnerability, CVE-2020-3198, is similar to the first one: by sending malicious packets to the device, an unauthenticated remote attacker can execute arbitrary code on the vulnerable system or cause it to crash and reload.

These issues affect the Cisco ISR 809 and 829 Industrial Routers and the 1000 Series CGRs as well.

Cisco also rated CVE-2020-3227 as critical. It is no less dangerous than the previous two, with a CVSS score of 9.8 out of 10.

CVE-2020-3227: Software Privilege Escalation Vulnerability

CVE-2020-3227 is an authorization-control flaw in the Cisco IOx infrastructure of Cisco IOS XE Software. It allows an attacker without credentials or authorization to access the Cisco IOx API and execute commands remotely.


IOx does not correctly handle requests for authorization tokens. As a result, an attacker can use specific API commands to request a token and then execute arbitrary commands on the affected device.

Cisco has released software updates that address this vulnerability; there are no workarounds.

As for affected products, Cisco has confirmed that Cisco IOS XE Software Release 16.3.1 is affected by this flaw.


CVE-2020-3205: VM Channel Command Injection Vulnerability

CVE-2020-3205 is present in the inter-VM channel of Cisco IOS Software for the Cisco 809 and 829 Industrial ISRs and the Cisco 1000 Series Connected Grid Routers (CGR1000), which are built on a hypervisor architecture. It allows an unauthenticated attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.


An attacker could exploit this flaw by sending malicious packets to the device.

A successful exploit would let the attacker execute arbitrary commands with root privileges in the Linux shell of the VDS, which could lead to a complete compromise of the system.

Cisco has released software updates that address this vulnerability; there are no workarounds.

Cisco has confirmed that this flaw affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).


CVE-2020-3198: Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

In the case of CVE-2020-3198, an attacker can trigger a router crash or reload by sending specially crafted UDP packets to port 9700 over IPv4 or IPv6. Cisco has rated this vulnerability 9.8 out of 10.
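Because the attack vector described above is unauthenticated UDP traffic to a single well-known port, a defender can at least watch for it while patches are rolled out. The following is an added example (not code from the article or from Cisco) that runs over constructed NetFlow-style records and flags UDP traffic to port 9700 aimed at industrial routers in an assumed inventory, over both IPv4 and IPv6. The router addresses, the trusted management subnet and the log format are all assumptions for the example.

```python
"""Flag UDP/9700 flows aimed at Cisco industrial routers (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumed inventory: management addresses of ISR 809/829 and CGR1000 units.
# These addresses are constructed for the example, not taken from any real network.
ROUTER_ADDRS: set[IPAddr] = {
    ipaddress.ip_address("10.20.1.1"),        # assumed ISR 829
    ipaddress.ip_address("10.20.1.2"),        # assumed CGR1000
    ipaddress.ip_address("2001:db8:20::1"),   # assumed ISR 809, IPv6 management
}

# Assumed management subnet. Flows from here are still reported, only at lower
# severity: the advisory coverage mentions no legitimate use of UDP/9700.
TRUSTED_NETS = [ipaddress.ip_network("10.0.100.0/24")]

TARGET_PORT = 9700

# Constructed flow records, one per line: timestamp src dst proto dport bytes
SAMPLE_FLOWS = """\
2020-06-04T10:00:01Z 10.0.100.7 10.20.1.1 udp 161 120
2020-06-04T10:00:02Z 198.51.100.23 10.20.1.1 udp 9700 1480
2020-06-04T10:00:03Z 198.51.100.23 10.20.1.2 udp 9700 1480
2020-06-04T10:00:04Z 10.0.100.7 10.20.1.2 udp 9700 64
2020-06-04T10:00:05Z 2001:db8:dead::5 2001:db8:20::1 udp 9700 1480
2020-06-04T10:00:06Z 203.0.113.9 10.20.1.1 tcp 9700 80
2020-06-04T10:00:07Z 203.0.113.9 10.20.9.9 udp 9700 1480
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: IPAddr
    dst: IPAddr
    proto: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow | None:
    """Parse one record; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, nbytes = parts
    try:
        return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                    proto.lower(), int(dport), int(nbytes))
    except ValueError:
        return None


def is_trusted(addr: IPAddr) -> bool:
    """True if the source sits in an assumed management subnet (v4/v6 aware)."""
    return any(addr in net for net in TRUSTED_NETS if net.version == addr.version)


def find_port9700_hits(lines: Iterable[str],
                       routers: set[IPAddr] = ROUTER_ADDRS) -> list[dict]:
    """Return UDP/9700 flows whose destination is a router in the inventory."""
    hits = []
    for line in lines:
        f = parse_flow(line)
        if f is None or f.proto != "udp" or f.dport != TARGET_PORT:
            continue
        if f.dst not in routers:
            continue  # other hosts on 9700 are out of scope for this advisory
        hits.append({
            "ts": f.ts,
            "src": str(f.src),
            "dst": str(f.dst),
            "severity": "low" if is_trusted(f.src) else "high",
        })
    return hits


def summarize_by_source(hits: list[dict]) -> dict[str, int]:
    """Count hits per source address to spot a single host sweeping the fleet."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h["src"]] = counts.get(h["src"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_port9700_hits(SAMPLE_FLOWS.splitlines())
    for h in found:
        print(h)
    print(summarize_by_source(found))
```

The check is deliberately narrow: it ignores TCP to the same port and UDP/9700 to hosts that are not in the router inventory, so the alert only fires for the combination the advisory actually describes. Swap in your own inventory and feed the function real flow exports to use it.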


CVE-2020-3258 received a score of 5.7 out of 10: less serious, but still significant. Exploiting it requires a local user with valid credentials at the highest privilege level; such an attacker could execute malicious code that manipulates the device's working memory and overwrites system memory.

Cisco has confirmed that these flaws affect the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).

The other vulnerabilities were also rated high severity. They can be used by attackers to escalate privileges via hard-coded credentials, mount denial-of-service attacks, execute arbitrary shell commands, and load malicious firmware images.

Exploiting them, however, requires authentication, local access, or features that are disabled by default. Several of the high-severity flaws relate to IOx and allow attackers to write or modify arbitrary files, cause denial of service, and execute arbitrary code with elevated privileges.

The medium-severity vulnerabilities affect Cisco industrial products and can be used by authenticated attackers for cross-site scripting (XSS) and to overwrite arbitrary files. Cisco's list of affected products includes:

  • Cisco 800 Industrial ISRs
  • Cisco 809 Industrial ISRs
  • Cisco 829 Industrial ISRs
  • CGR1000 (Cisco 1000 Series Connected Grid Routers)
  • IC3000 Industrial Compute Gateway
  • Industrial Ethernet (IE) 4000 series switches
  • Catalyst IE3400 secure series switches
  • IR510 WPAN routers

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
