Skip to main content

Major Security Flaw Found In Some Cisco Routers

By June 10, 2020May 11th, 2022Cybersecurity

Recently, Cisco disclosed the existence of four serious security flaws in their routers that use iOS and iOS XE software. One of the four, CVE-2020-3227 is rated at a severity of 9.8 out of 10.

It allows a remote attacker without credentials to execute commands to the operating software without proper authorization, which in turn, allows a hacker to take complete control over the system.

One of the other security flaws announced, CVE-2020-3025 is a command-injection vulnerability in Cisco 809 and 829 Industrial Integrated Services Routers, and in Cisco 1000 Series Connected Grid Routers. Here, the vulnerability is that since the software doesn’t adequately validate signaling packets, a determined hacker could send malicious packets to the device to gain control of the Virtual Device Server (VDS). From there, they can compromise the entire system.

The third and fourth issues are being tracked under CVE-2020-3198 and CVE-2020-3258, and again targets the company’s 800 Series Industrial Routers. This allows hackers to execute commands to the device, causing it to crash and reboot. Like the first one we mentioned, this one scores a severity of 9.8 out of ten.

The fourth bug is somewhat less serious, scoring only a 5.7 out of ten. A That one allows an attacker to modify the device’s run-time memory, overwriting system memory and executing arbitrary code on an impacted device.

The good news is that the company already has a fix for all of the security flaws outlined above. So if you use any of the devices mentioned earlier, head to the company’s site to be sure you’ve got the latest security patch. Just to be safe, if you use any type of Cisco Industrial Router, now is a good time to double check to make sure you’ve got the latest security patches installed. A few minutes checking could save you thousands of dollars and spare you from a great many sleepless nights.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.