CVE-2019-1710: Cisco IOS XR 64-bit Software Critical Security Vulnerability Alert

Cisco released an announcement to fix a vulnerability in the IOS XR 64-bit software used in the Cisco ASR 9000 Series (CVE-2019-1710). The vulnerability is caused by faulty isolation of the secondary management interface from the internal sysadmin application, which “allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.”

Affected version

• Cisco IOS XR 64-bit Software Release 6.5.x < 6.5.3
• Cisco IOS XR 64-bit Software Release 7.0.x < 7.0.1

Unaffected version

• Cisco IOS XR 64-bit Software Release 6.5.3
• Cisco IOS XR 64-bit Software Release 7.0.1

Solution

Cisco released the patch to fix the above vulnerability, please users should upgrade Cisco IOS XR 64-bit Software as soon as possible.