Cisco released an announcement to fix a vulnerability in the IOS XR 64-bit software used in the Cisco ASR 9000 Series (CVE-2019-1710). The vulnerability is caused by faulty isolation of the secondary management interface from the internal sysadmin application, which “allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.”
- Cisco IOS XR 64-bit Software Release 6.5.x < 6.5.3
- Cisco IOS XR 64-bit Software Release 7.0.x < 7.0.1
- Cisco IOS XR 64-bit Software Release 6.5.3
- Cisco IOS XR 64-bit Software Release 7.0.1
Cisco released the patch to fix the above vulnerability, please users should upgrade Cisco IOS XR 64-bit Software as soon as possible.