Critical Flaw in Cisco IOS Routers Let Remote Hackers Take Complete Control of the Systems

Cisco has released fixes for a large batch of vulnerabilities in Cisco IOS and IOS XE Software, including more than a dozen that affect the company's industrial routers and switches.

In total, 25 high- and critical-severity vulnerabilities were addressed in IOS and IOS XE Software.

The company also published a number of additional advisories for high- and medium-severity issues affecting IOS and other software.

One of the most serious critical issues is CVE-2020-3205, which allows an unauthenticated attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.

An attacker can exploit this flaw simply by sending specially crafted packets to the targeted device, and a successful attack can lead to a complete compromise of the system.

Another critical vulnerability, CVE-2020-3198, is similar to the first one.

It allows an unauthenticated, remote attacker to execute arbitrary code on the vulnerable system or to crash and reload the device, again by sending malicious packets to it.

These issues affect the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).

Cisco also rated CVE-2020-3227 as critical; it is no less dangerous than the previous two, scoring 9.8 out of 10 on the CVSS scale.

CVE-2020-3227: Software Privilege Escalation Vulnerability

CVE-2020-3227 stems from insufficient authorization controls in the Cisco IOx application hosting infrastructure of Cisco IOS XE Software.

The bug allows an attacker without credentials or authorization to access the Cisco IOx API and execute commands remotely.

IOx does not correctly handle requests for authorization tokens; as a result, an unauthenticated attacker can use a crafted API call to request a token and then execute arbitrary commands on the affected device.

Cisco has released software updates that address this vulnerability; there are no workarounds.

As for the affected products, Cisco has confirmed that Cisco IOS XE Software releases 16.3.1 and later are affected by this flaw.


CVE-2020-3205: VM Channel Command Injection Vulnerability

CVE-2020-3205 lies in the inter-VM channel of Cisco IOS Software for the Cisco 809 and 829 Industrial ISRs and the Cisco 1000 Series Connected Grid Routers (CGR1000), platforms built on a hypervisor architecture. It allows an unauthenticated attacker to execute arbitrary shell commands on the VDS of the affected device.

An attacker exploits the flaw by sending malicious packets to the targeted device.

A successful exploit lets the attacker execute arbitrary commands with root privileges in the context of the Linux shell of the VDS.

This can lead to a complete compromise of the system. Cisco has released software updates that address the vulnerability; no workarounds are available.

Cisco has confirmed that this flaw affects the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).


CVE-2020-3198: Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

CVE-2020-3198 can be triggered remotely by an unauthenticated attacker who sends specially crafted UDP packets to port 9700 over IPv4 or IPv6; a successful exploit allows arbitrary code execution or causes the router to crash and reload. Cisco rated this vulnerability 9.8 out of 10.
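Because the advisory names a concrete network trigger (UDP datagrams to port 9700 over IPv4 or IPv6), the one thing a defender can do immediately is look for that traffic reaching the affected routers. The following detection check is an added example, not code from Cisco or from the original article: it parses a constructed firewall log format, keeps only UDP/9700 datagrams whose destination is an inventoried 809/829 ISR or CGR1000, and marks each hit as external when the source is outside the trusted management prefixes. The log layout, router inventory, and trusted prefixes are all assumptions; replace them with your own.

```python
"""Detection check for CVE-2020-3198 exposure: flag UDP datagrams to port 9700
addressed to Cisco 809/829 Industrial ISRs or CGR1000 routers.

Added example (not from the Cisco advisory or the article). The log format,
device inventory and trusted prefixes are constructed assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Union

CVE_2020_3198_PORT = 9700  # UDP port named in the Cisco advisory

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed inventory of industrial router management addresses (assumption).
INDUSTRIAL_ROUTERS = {
    ipaddress.ip_address("10.20.30.1"),      # IR829
    ipaddress.ip_address("10.20.30.2"),      # CGR1120
    ipaddress.ip_address("2001:db8:30::1"),  # IR809, IPv6 management
}

# Constructed prefixes from which management traffic is expected (assumption).
TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

# Assumed log layout: "<ts> <fw> <ALLOW|DENY> <PROTO> <src>:<sport> -> <dst>:<dport> ..."
# IPv6 endpoints are written in brackets, e.g. [2001:db8::1]:9700.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<fw>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>[A-Z]+)\s+"
    r"(?P<src>\[[0-9a-fA-F:]+\]|\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\[[0-9a-fA-F:]+\]|\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2020-06-04T10:15:01Z fw01 ALLOW UDP 198.51.100.7:53122 -> 10.20.30.1:9700 len=512",
    "2020-06-04T10:15:02Z fw01 ALLOW UDP 10.0.0.5:40001 -> 10.20.30.2:9700 len=64",
    "2020-06-04T10:15:03Z fw01 ALLOW UDP [2001:db8:ffff::9]:40000 -> [2001:db8:30::1]:9700 len=300",
    "2020-06-04T10:15:04Z fw01 ALLOW TCP 198.51.100.7:53123 -> 10.20.30.1:9700 len=60",
    "2020-06-04T10:15:05Z fw01 DENY UDP 198.51.100.7:53124 -> 10.20.30.1:9700 len=512",
    "2020-06-04T10:15:06Z fw01 ALLOW UDP 198.51.100.7:53125 -> 10.20.99.9:9700 len=512",
    "this line is not in the expected format",
]


@dataclass
class Hit:
    ts: str
    action: str   # ALLOW means the datagram reached the router; DENY is still a probe
    src: str
    dst: str
    external: bool  # True when the source lies outside every trusted prefix


def _addr(token: str) -> IPAddress:
    """Strip IPv6 brackets and parse the address."""
    return ipaddress.ip_address(token.strip("[]"))


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_udp9700_hits(lines: Iterable[str],
                      routers=INDUSTRIAL_ROUTERS,
                      trusted=TRUSTED_NETS) -> List[Hit]:
    """Select UDP datagrams to port 9700 whose destination is an inventoried router."""
    hits: List[Hit] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "UDP" or int(rec["dport"]) != CVE_2020_3198_PORT:
            continue
        try:
            src, dst = _addr(rec["src"]), _addr(rec["dst"])
        except ValueError:
            continue  # malformed address: skip rather than abort the whole run
        if dst not in routers:
            continue
        # Version mismatch (v6 address vs v4 prefix) evaluates to False, so mixing is safe.
        external = not any(src in net for net in trusted)
        hits.append(Hit(rec["ts"], rec["action"], str(src), str(dst), external))
    return hits


if __name__ == "__main__":
    for h in find_udp9700_hits(SAMPLE_LOG):
        tag = "EXTERNAL" if h.external else "internal"
        print(f"{h.ts} {h.action:5} {h.src} -> {h.dst}:{CVE_2020_3198_PORT} [{tag}]")
```

Denied datagrams are kept on purpose: a DENY to UDP/9700 on a router address is still evidence that someone is probing for this bug, and only the external flag distinguishes it from expected management traffic. The check is exposure triage, not a workaround; Cisco states that no workaround exists and the fix is the software update.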

CVE-2020-3258 received a CVSS score of 5.7, less severe but still serious. Exploiting it requires a local, authenticated user with valid credentials at privilege level 15; such an attacker could execute malicious code on the device and overwrite system memory.

Cisco has confirmed that both flaws affect the Cisco 809 and 829 Industrial ISRs and the CGR1000 (Cisco 1000 Series Connected Grid Routers).

The remaining vulnerabilities were rated high severity; they can be used by attackers to escalate privileges via hard-coded credentials, cause denial of service, execute arbitrary shell commands, and load malicious firmware images.

Exploiting these flaws requires authentication, local access, or features that are disabled by default. Several of the high-severity issues concern IOx and allow attackers to write or modify arbitrary files, cause denial of service, and execute arbitrary code with elevated privileges.

The medium-severity vulnerabilities affect Cisco industrial products and can be used by authenticated attackers for cross-site scripting (XSS) and to overwrite arbitrary files. Cisco has published the list of affected products, which includes:

  • Cisco 800 Industrial ISRs
  • Cisco 809 Industrial ISRs
  • Cisco 829 Industrial ISRs
  • CGR1000 (Cisco 1000 Series Connected Grid Routers)
  • IC3000 Industrial Compute Gateway
  • Industrial Ethernet (IE) 4000 series switches
  • Catalyst IE3400 secure series switches
  • IR510 WPAN routers


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
