Cisco IOS Multiple High Risk Security Vulnerability Alert

Recently, Cisco officially released security advisories for multiple vulnerabilities in IOS (Cisco Internetworking Operating System) components, the vulnerability number is CVE-2020-3227/CVE-2020-3205/CVE-2020-3198/CVE-2020-3258 and vulnerability rating is high risk.

Cisco Internetwork Operating System (IOS) is a family of network operating systems used on many Cisco Systems routers and current Cisco network switches. Earlier, Cisco switches ran CatOS. IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system. Although the IOS code base includes a cooperative multitasking kernel, most IOS features have been ported to other kernels such as QNX and Linux for use in Cisco products.

The Cisco IOS component has privilege escalation/command injection/arbitrary code execution vulnerabilities. An attacker can send a special request packet to cause remote command execution.

Vulnerability detail

• CVE-2020-3227: Cisco IOx for IOS XE Software Privilege Escalation Vulnerability.A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization.
• CVE-2020-3205: Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

  A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device.
• CVE-2020-3198/CVE-2020-3258: Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities

  Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload.

Affected version

• Cisco IOS XE：<=16.3.1
• Cisco 809 ISR
• Cisco 829 ISR
• CGR1000

Solution

Cisco released the security patch to fix these vulnerabilities. Users should upgrade the Cisco IOS to the latest version.