Cisco urges patch of critical router flaw

By on
Cisco urges patch of critical router flaw

Cisco Systems late last week disclosed 29 new vulnerabilities, including a critical alert for customers using its ASR 9000 Series Aggregation Services Routers. A flaw on the router, if not fixed, can be exploited remotely without user credentials, the networking giant said on its security advisories and alerts page.

Cisco instructed ASR 9000 Series Aggregation Services router users to install an update to address a critical flaw on Wednesday. The ASR vulnerability is the most severe of the 29 new flaws that Cisco has disclosed with a severity rating of 9.8 out of a possible 10.

The vulnerability, according to Cisco, is due to incorrect isolation of the secondary management interface from internal sysadmin applications. If exploited by a hacker, a denial of service attack or remote unauthenticated access to the device could result, Cisco said.

Cisco released software updates that address this vulnerability just as CRN Australia readers headed off on their Easter break. The company said that flaw only affects Cisco software running on ASR9000 Series Aggregation Services Routers and no other platforms have been impacted.

The CERT Coordination Center at Carnegie Mellon University last week found that VPN apps built by Cisco, Palo Alto Networks, F5 Networks and Pulse Secure insecurely store authentication tokens and session cookies in memory or log files. Once the report was published, the U.S. Department of Homeland Security's cybersecurity division issued an alert. Cisco denied being impacted by the flaw after it said it had investigated this issue and determined that its AnyConnect platform is not vulnerable to the behavior described in the vulnerability note from CERT.

This article originally appeared at crn.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Have you noticed any of the recent public cloud outages?
Yes, it's caused a lot of headaches
Yes, but it's only a minor inconvenience
Yes, but it hasn't had any impact on business
What outages?
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?