
Experts found a critical vulnerability in the Cisco routers with a threat level of 10 out of 10 points

A critical vulnerability has been discovered in several series of Cisco IOS XE routers. This is a rare case of a vulnerability rated 10 out of 10 on the threat scale.

Cisco Systems strongly recommends urgently installing a patch on routers running the IOS XE operating system. The vulnerability this patch eliminates, CVE-2019-12643, received a rare 10 points out of 10 possible on the CVSS threat scale.

The vulnerability itself was identified in the Cisco REST API virtual service container. Through it, an attacker can very easily bypass authentication on a Cisco IOS XE device.

The problem is insufficient checking in the code of the software component's authorization service.

“A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device”, Cisco reports.

Although the vulnerability is considered “absolutely critical”, a number of nuances somewhat reduce its threat.

In particular, the REST API is inactive by default. It must be specifically installed and activated on devices running IOS XE; otherwise the vulnerability cannot be exploited.


Cisco's description says that when the REST Container Services API is activated, the entire device is vulnerable. The manufacturer therefore released not only a fixed version of the REST API, but also a “hardened” version of Cisco IOS XE, which prevents a vulnerable version of the container from being installed or activated, and deactivates it if it was installed and activated earlier.

Reference:

Cisco’s REST API is an application that runs in a virtual container on the device and is shipped as an open virtual application (OVA) file with the .ova extension.

At the moment, it is known for certain that the vulnerability affects routers of the following series: 4000, ASR 1000 and 1000V. Virtual routers (Cisco Integrated Services Virtual Router) are also vulnerable.

“Cisco routers are among the most popular devices of this kind in the world, so any vulnerability in them poses an increased threat. 10 out of 10 points, however, is pretty rare: this should mean that the exploitation of the vulnerability is extremely simple and that as a result the attacker gains full control over the device. In any case, the released patch should be installed as quickly as possible”, the security experts from Cisco advise.

To cut off the attack vector, administrators can also delete Cisco’s REST API OVA package, which in some cases is bundled with the IOS XE software image. However, Cisco also notes that the vulnerability cannot be fully mitigated with a workaround; only the patch removes it.
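Because the flaw is only reachable when the REST API service container is installed and activated, the first defensive step is an inventory: which devices actually expose it. The script below is an added example (it is not from the article or from Cisco) that classifies devices from the text of `show virtual-service detail`. It assumes (assumption) that the command lists each container under a `Virtual service <name> detail` header followed by a `State : <state>` line, and that the REST API container is the one named `csr_mgmt`; the sample outputs embedded in it are constructed, not captured from real devices.

```python
"""Inventory IOS XE devices for an installed/activated REST API service container.

Added example, not Cisco's code. Assumptions are marked below; verify the
container name and output layout against your own devices before relying on it.
"""
import re
from typing import Dict

# Assumption: the REST API virtual service container is registered under this name.
REST_API_CONTAINER_NAMES = {"csr_mgmt"}

# Constructed sample output (not captured from real routers): one device with the
# container activated, one with it installed but deactivated, one with none at all.
SAMPLE_OUTPUTS = {
    "edge-rtr-1": (
        "Virtual service csr_mgmt detail\n"
        "  State                 : Activated\n"
        "  Owner                 : IOSd\n"
        "  Package information\n"
        "    Name                : example-rest-api.ova\n"
    ),
    "edge-rtr-2": (
        "Virtual service csr_mgmt detail\n"
        "  State                 : Installed\n"
        "  Owner                 : IOSd\n"
    ),
    "core-rtr-1": "",
}


def parse_virtual_services(output: str) -> Dict[str, str]:
    """Return {container_name: state} parsed from show virtual-service detail text."""
    services: Dict[str, str] = {}
    current = None
    for line in output.splitlines():
        header = re.match(r"^Virtual service (\S+) detail", line)
        if header:
            current = header.group(1)
            services[current] = "unknown"
            continue
        state = re.match(r"^\s*State\s*:\s*(\S+)", line)
        if state and current is not None:
            services[current] = state.group(1)
    return services


def rest_api_exposure(output: str) -> str:
    """Classify a device as 'activated' (reachable), 'installed' (present, not running)
    or 'absent' (no REST API container at all)."""
    for name, state in parse_virtual_services(output).items():
        if name in REST_API_CONTAINER_NAMES:
            return "activated" if state.lower() == "activated" else "installed"
    return "absent"


def triage(outputs: Dict[str, str]) -> Dict[str, str]:
    """Map every device name to its exposure class so the activated ones can be
    prioritised for patching or for removing the OVA package."""
    return {device: rest_api_exposure(text) for device, text in outputs.items()}


if __name__ == "__main__":
    for device, verdict in triage(SAMPLE_OUTPUTS).items():
        print(f"{device}: REST API container {verdict}")
```

Devices reported as `activated` are the ones on which the bypass is reachable right now; `installed` devices become reachable as soon as someone activates the container, so both classes belong on the patch list, and the check is an inventory aid rather than a substitute for the fixed software.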

About Lyubov Samoilova

I have worked in the antivirus software industry for 5+ years and am passionate about all things relating to tech content marketing, creativity, and making the world a safer place. I am increasingly excited about the ways technology and communication are intersecting in the 21st century and am always looking for ways to expand my experience.
