Fri. Jul 10th, 2020

Cisco IOS Multiple High Risk Security Vulnerability Alert

2 min read

Recently, Cisco officially released security advisories for multiple vulnerabilities in IOS (Cisco Internetworking Operating System) components, the vulnerability number is CVE-2020-3227/CVE-2020-3205/CVE-2020-3198/CVE-2020-3258 and vulnerability rating is high risk.

Cisco Internetwork Operating System (IOS) is a family of network operating systems used on many Cisco Systems routers and current Cisco network switches. Earlier, Cisco switches ran CatOS. IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system. Although the IOS code base includes a cooperative multitasking kernel, most IOS features have been ported to other kernels such as QNX and Linux for use in Cisco products.

The Cisco IOS component has privilege escalation/command injection/arbitrary code execution vulnerabilities. An attacker can send a special request packet to cause remote command execution.

Vulnerability detail

Affected version

  • Cisco IOS XE:<=16.3.1
  • Cisco 809 ISR
  • Cisco 829 ISR
  • CGR1000

Solution

Cisco released the security patch to fix these vulnerabilities. Users should upgrade the Cisco IOS to the latest version.