Cisco Systems has patched a critical IOx vulnerability that could potentially allow a remote attacker to execute custom code on the affected hardware, gaining root privileges and taking control of the device, which is a huge data security threat.
The way this was done is by initiating a stack overflow attack, which would allow remote code to be executed with root privileges. The hack only applied to affected routers running IOx software. However, the attack would be limited to the scope of the virtual instance, so it would not be able to affect the hardware directly.
Supposedly, only routers from Cisco 800 series were affected by the vulnerability, namely the IR809 and IR829 models.
You can download the patch from Cisco’s official website.
On Wednesday, however, Cisco announced an additional set of vulnerabilities, each of them classified as critical. The company has already released a patch for each of these. Still, let’s briefly go over what they are and the type of threat associated with them:
CVE-2017-3852 and CVE-2017-3851
These are related to the company’s application-hosting framework. The Cisco 4000, 800, and ASR 1000 series routers were affected by these vulnerabilities.
CVE-2017-3864, CVE-2017-3857 and CVE-2017-3856
According to Cisco, these vulnerabilities could allow an attacker to overload the affected devices.
This vulnerability affects the ASR 920 Series Aggregation Services Routers and could cause the affected device to reload.
The final vulnerability was present in the framework of IOx software. An authenticated remote attacker could inject arbitrary commands that were executed with root privileges.