Your one-stop web resource providing safety and security information to manufacturers

Cisco has a fix to handle a vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software which could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.

The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications.

Cisco Re-Patches Router Holes
Cisco Fixes UI or IOS XE Software
Cisco Fixes CSPC, Won’t Fix IP Phone Hole
Cisco Fixes Critical Firewall, Router Hole

An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device.

In addition to the software updates, Cisco released workarounds that address the vulnerability, according to an advisory.

Cyber Security

This vulnerability affects Cisco ASR 9000 Series Aggregation Services Routers running an affected version of Cisco IOS XR 64-bit Software and have the secondary management interface (physically MGT LAN 1 on the route switch processor (RSP)) connected and configured.

To determine if the secondary management interface is connected, log in to the sysadmin virtual machine and use the show interface command. If the secondary management interface is configured and connected, the device is vulnerable.

Users can perform a workaround, which is equivalent to upgrading to a fixed software release. Although the reload of the sysadmin VM is hitless, Cisco recommends performing this change during a maintenance window.

In addition to the workaround, Cisco released software updates that address the vulnerability . Customers may only install and expect support for software versions and feature sets for which they have purchased a license.

Pin It on Pinterest

Share This