PT-2019-1978 · Cisco · Cisco IOS XR 64-Bit

Published: 2019-04-17 · Updated: 2019-10-09 · CVE-2019-1710

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Cisco IOS XR 64-bit Software versions prior to 6.5.3
Cisco IOS XR 64-bit Software versions prior to 7.0.1

Description

A vulnerability in the sysadmin virtual machine on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The issue is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this by connecting to one of the listening internal applications, potentially resulting in unstable conditions, including denial of service and remote unauthenticated access to the device.

Recommendations

For versions prior to 6.5.3, update to Cisco IOS XR 64-bit Software Release 6.5.3. For versions prior to 7.0.1, update to Cisco IOS XR 64-bit Software Release 7.0.1. As a temporary workaround, consider restricting access to the secondary management interface to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2019-01671
CVE-2019-1710

Affected Products

Cisco ASR 9000 Series Aggregation Services Routers
Cisco IOS XR 64-Bit
Cisco IOS XR