Major Security Flaw Found In Some Cisco Routers

June 10, 2020

Written by wukovits

Recently, Cisco disclosed the existence of four serious security flaws in their routers that use iOS and iOS XE software. One of the four, CVE-2020-3227 is rated at a severity of 9.8 out of 10.

It allows a remote attacker without credentials to execute commands to the operating software without proper authorization, which in turn, allows a hacker to take complete control over the system.

One of the other security flaws announced, CVE-2020-3025 is a command-injection vulnerability in Cisco 809 and 829 Industrial Integrated Services Routers, and in Cisco 1000 Series Connected Grid Routers. Here, the vulnerability is that since the software doesn’t adequately validate signaling packets, a determined hacker could send malicious packets to the device to gain control of the Virtual Device Server (VDS). From there, they can compromise the entire system.

The third and fourth issues are being tracked under CVE-2020-3198 and CVE-2020-3258, and again targets the company’s 800 Series Industrial Routers. This allows hackers to execute commands to the device, causing it to crash and reboot. Like the first one we mentioned, this one scores a severity of 9.8 out of ten.

The fourth bug is somewhat less serious, scoring only a 5.7 out of ten. A That one allows an attacker to modify the device’s run-time memory, overwriting system memory and executing arbitrary code on an impacted device.

The good news is that the company already has a fix for all of the security flaws outlined above. So if you use any of the devices mentioned earlier, head to the company’s site to be sure you’ve got the latest security patch. Just to be safe, if you use any type of Cisco Industrial Router, now is a good time to double check to make sure you’ve got the latest security patches installed. A few minutes checking could save you thousands of dollars and spare you from a great many sleepless nights.

Used with permission from Article Aggregator

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.

Thank you for contacting Bayou Technologies. We'll be in touch soon!

Need help? support-icon