Vulnslist


Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability

cisco-sa-20190417-asr9k-exr · Critical

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr

Workarounds

Customers can apply the following workaround, which Cisco states is equivalent to upgrading to a fixed software release. It enables the CTRL_VRF and MGMT_VRF settings in the sysadmin VM bootstrap configuration, which are commented out in affected releases, and then reloads the sysadmin VM. Although the reload of the sysadmin VM is hitless, Cisco recommends performing this change during a maintenance window:
Step 1: Access the sysadmin VM:

RP/0/RSP1/CPU0:eXR#admin
Tue Mar 12 22:46:37.110 UTC
root connected from 127.0.0.1 using console on host
Step 2: Run bash and edit the calvados_bootstrap.cfg file:

sysadmin-vm:0_RSP1:eXR# run bash
Tue Mar 12 22:46:44.224 UTC
bash-4.3# vi /etc/init.d/calvados_bootstrap.cfg

Step 3: Uncomment the two VRF settings, changing:

#CTRL_VRF=0
#MGMT_VRF=2

To:

CTRL_VRF=0
MGMT_VRF=2

Save the file and exit the editor. In dual RSP/RP systems, the edit must be performed on both the active and the standby RSP/RP.

Step 4: Reload the sysadmin VM (repeat for both in dual systems):

sysadmin-vm:0_RSP1:eXR# reload admin location 0/RSP1
Tue Mar 12 22:49:28.589 UTC
Reload node ? [no,yes] yes
result Admin VM graceful reload request on 0/RSP1 succeeded.
sysadmin-vm:0_RSP1:eXR#
RP/0/RSP1/CPU0:Mar 12 22:49:34.059 UTC: rmf_svr[402]: %PKT_INFRA-FM-3-FAULT_MAJOR : ALARM_MAJOR :RP-RED-LOST-ADMINNR :DECLARE :0/RSP1/CPU0: Confd is down
RP/0/RSP1/CPU0:eXR#

Wait until the admin VM comes back; the RP-RED-LOST-ADMINNR alarm raised during the reload is cleared once it is up:

RP/0/RSP1/CPU0:eXR#0/RSP1/ADMIN0:Mar 12 22:59:30.220 UTC: envmon[3680]: %PKT_INFRA-FM-3-FAULT_MAJOR : ALARM_MAJOR :Power Module redundancy lost :DECLARE :0:
RP/0/RSP1/CPU0:Mar 12 22:59:33.708 UTC: rmf_svr[402]: %PKT_INFRA-FM-3-FAULT_MAJOR : ALARM_MAJOR :RP-RED-LOST-ADMINNR :CLEAR :0/RSP1/CPU0:
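The four steps above boil down to one file edit plus a reload. The following script is an added example, not part of the Cisco advisory or of IOS XR, that applies the same edit idempotently and verifies it, so it can be run on both RSP/RPs of a dual system and re-run safely. It assumes the real file is /etc/init.d/calvados_bootstrap.cfg as the advisory states and that it is reached via "run bash" in the sysadmin VM; the sample file it builds for demonstration is constructed and contains only the two commented lines taken from the page. The reload ("reload admin location 0/RSP1" in the transcript above) is a separate admin-CLI step and is deliberately not issued by the script.

```shell
#!/bin/bash
# Added example for the cisco-sa-20190417-asr9k-exr workaround.
# Not Cisco code: it automates the vi edit from Step 3 (uncomment
# "#CTRL_VRF=0" and "#MGMT_VRF=2" in /etc/init.d/calvados_bootstrap.cfg)
# and checks the result. The reload (Step 4) must still be done manually.
set -eu

# Values the advisory's workaround puts into effect.
EXPECTED_CTRL_VRF=0
EXPECTED_MGMT_VRF=2

# Print the active (uncommented) value of KEY in FILE, or nothing.
# Leading whitespace is tolerated; "#KEY=..." lines are ignored.
get_setting() {
    local file=$1 key=$2
    sed -n "s/^[[:space:]]*${key}=\([^[:space:]]*\).*/\1/p" "$file" | tail -n 1
}

# Return 0 only when both VRF settings are active with the expected values.
check_vrf_isolation() {
    local file=$1
    [ "$(get_setting "$file" CTRL_VRF)" = "$EXPECTED_CTRL_VRF" ] &&
    [ "$(get_setting "$file" MGMT_VRF)" = "$EXPECTED_MGMT_VRF" ]
}

# Apply the workaround to FILE: uncomment the two advisory lines, keep a
# .bak copy, and append a setting that is missing entirely. An active line
# with some other value is left alone, so the final check fails loudly
# instead of the script silently overriding an operator's choice.
enable_vrf_isolation() {
    local file=$1 tmp
    cp "$file" "$file.bak"
    tmp=$(mktemp)
    sed \
        -e "s/^[[:space:]]*#[[:space:]]*CTRL_VRF=${EXPECTED_CTRL_VRF}[[:space:]]*$/CTRL_VRF=${EXPECTED_CTRL_VRF}/" \
        -e "s/^[[:space:]]*#[[:space:]]*MGMT_VRF=${EXPECTED_MGMT_VRF}[[:space:]]*$/MGMT_VRF=${EXPECTED_MGMT_VRF}/" \
        "$file" > "$tmp"
    cat "$tmp" > "$file"   # rewrite in place, preserving owner and mode
    rm -f "$tmp"
    grep -q '^CTRL_VRF=' "$file" || echo "CTRL_VRF=${EXPECTED_CTRL_VRF}" >> "$file"
    grep -q '^MGMT_VRF=' "$file" || echo "MGMT_VRF=${EXPECTED_MGMT_VRF}" >> "$file"
    check_vrf_isolation "$file"
}

# Constructed sample standing in for an unpatched calvados_bootstrap.cfg.
# Only the two "#...VRF=" lines come from the advisory; the rest is filler.
make_sample_cfg() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' \
        '# constructed sample, not a real calvados_bootstrap.cfg' \
        '#CTRL_VRF=0' \
        '#MGMT_VRF=2' > "$dir/calvados_bootstrap.cfg"
    echo "$dir/calvados_bootstrap.cfg"
}

# Demonstration against the constructed sample. On a router, replace the
# path with /etc/init.d/calvados_bootstrap.cfg after "run bash".
demo() {
    local cfg
    cfg=$(make_sample_cfg)
    if check_vrf_isolation "$cfg"; then
        echo "already isolated: $cfg"
    else
        echo "applying workaround to $cfg"
        enable_vrf_isolation "$cfg"
        echo "CTRL_VRF=$(get_setting "$cfg" CTRL_VRF) MGMT_VRF=$(get_setting "$cfg" MGMT_VRF)"
    fi
}
demo
```

Run check_vrf_isolation against the real file on each RSP/RP before and after the reload: before, it tells you whether the edit actually took on that node; after, it confirms the standby RSP/RP was not skipped, which is the mistake the "both active and standby" note in Step 3 is guarding against.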

CVEs: CVE-2019-1710
Cisco Bug IDs: CSCvn56004
CVSS Score: Base 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source:
Cisco IOS XR Software, Cisco ASR 9000 Series Aggregation Services Routers

CSAF Product Statuses

Product                                             Status          Source      CVE            Rows
Cisco ASR 9000 Series Aggregation Services Routers  known_affected  cisco_csaf  CVE-2019-1710  1
Cisco IOS XR Software                               known_affected  cisco_csaf  CVE-2019-1710  1

Related Products

Product                                             CVE            Evidence
Cisco ASR 9000 Series Aggregation Services Routers  CVE-2019-1710  Cisco OpenVuln · family-level
Cisco IOS XR Software                               CVE-2019-1710  Cisco OpenVuln
Cisco IOS                                           CVE-2019-1710  Cisco OpenVuln
Cisco IOS Software                                  CVE-2019-1710  Cisco OpenVuln