The critical flaws are part of Cisco’s June 3 semi-annual advisory bundle for
IOS XE and IOS networking software, which includes 23 advisories describing 25
vulnerabilities.

The 9.8 out of 10 severity bug, CVE-2020-3227, concerns the authorization
controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE
Software, which allows a remote attacker without credentials to execute Cisco
IOx API commands without proper authorization.

CVE-2020-3205 is a command-injection vulnerability
in Cisco’s implementation of the inter-VM channel of Cisco IOS Software for
Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and
Cisco 1000 Series Connected Grid Routers (CGR1000). The software doesn’t
adequately validate signaling packets directed to the Virtual Device Server
(VDS), which could allow an attacker to send malicious packets to an affected
device, gain control of VDS and then completely compromise the system,
including the IOS VM and guest VM. VDS handles access to devices that are
shared by IOS and the guest OS, such as flash memory, USB ports, and the
console. “A successful exploit could allow the attacker to execute
arbitrary commands in the context of the Linux shell of VDS with the privileges
of the root user,” Cisco said. “Because the device is designed on a hypervisor
architecture, exploitation of a vulnerability that affects the inter-VM channel
may lead to a complete system compromise.”

CVE-2020-3198 and CVE-2020-3258 are part of the same advisory and concern a remote code
execution vulnerability in the same industrial Cisco routers.

The flaw CVE-2020-3198 allows an unauthenticated, remote attacker to execute
arbitrary code on affected systems or cause them to crash and reload. An
attacker could exploit the vulnerability by sending malicious UDP packets over
IPv4 or IPv6 to an affected device. Cisco notes that the bug can be mitigated
by implementing an access control list that restricts inbound traffic to UDP
port 9700 of the device. It has a severity score of 9.8 out of 10.
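
To check that the UDP port 9700 mitigation is actually in place, the following added example (not Cisco's code and not part of the original article) audits IOS-style configuration text for interfaces that have an address but no inbound ACL blocking UDP/9700, for IPv4 and IPv6 separately. The function names and the sample configuration are constructed for illustration, and the check assumes named ACLs and evaluates only catch-all `any any` entries.

```python
import re
# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
ip access-list extended BLOCK-9700
 permit udp host 192.0.2.10 any eq 9700
 deny udp any any eq 9700
 permit ip any any
ipv6 access-list OPEN-V6
 permit ipv6 any any
 deny udp any any eq 9700
interface GigabitEthernet0
 ip address 198.51.100.1 255.255.255.0
 ip access-group BLOCK-9700 in
 ipv6 address 2001:db8::1/64
 ipv6 traffic-filter OPEN-V6 in
interface GigabitEthernet1
 ip address 203.0.113.1 255.255.255.0
"""

def sections(config):
    """Group indented sub-commands under their top-level command."""
    out, body = {}, []
    for line in config.splitlines():
        if line.startswith(" "):
            body.append(line.strip())
        elif line.strip() and not line.startswith("!"):
            body = out.setdefault(line.strip(), [])
    return out

def blocks_9700(entries):
    """True if the first catch-all entry covering UDP/9700 is a deny."""
    for entry in entries:
        m = re.match(r"(?:\d+ )?(deny|permit) (?:(?:ip|ipv6|udp) any any|udp any any eq 9700)$", entry)
        if m:
            return m.group(1) == "deny"
    return bool(entries)  # non-empty ACL ends in an implicit deny; undefined ACL filters nothing

def exposed_interfaces(config):
    """Return (interface, family) pairs that lack an inbound UDP/9700 block."""
    sec, exposed = sections(config), []
    checks = (("ipv4", "ip address ", "ip access-list extended ", r"ip access-group (\S+) in$"),
              ("ipv6", "ipv6 address ", "ipv6 access-list ", r"ipv6 traffic-filter (\S+) in$"))
    for header, body in sec.items():
        if header.startswith("interface "):
            for family, addr, acl_prefix, applied_re in checks:
                names = [m.group(1) for l in body if (m := re.match(applied_re, l))]
                blocked = any(blocks_9700(sec.get(acl_prefix + n, [])) for n in names)
                if not blocked and any(l.startswith(addr) for l in body):
                    exposed.append((header.split()[1], family))
    return exposed
```

On the sample, GigabitEthernet0 is flagged for IPv6 because its filter permits all traffic before the deny entry is reached, and GigabitEthernet1 is flagged for IPv4 because no ACL is applied.
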
The second bug, CVE-2020-3258, is less severe with a score of 5.7 out of
10 and could allow an unauthenticated local attacker to execute arbitrary code
on the device. However, the attacker also must have valid user credentials at
privilege level 15, the highest level in Cisco’s scheme. The vulnerability
allows an attacker to modify the device’s run-time memory, overwrite system
memory locations and execute arbitrary code on the affected device.