A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM. The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. This vulnerability has been fixed in Cisco IOS XR 64-bit Software Release 6.5.3 and 7.0.1, which will edit the calvados_boostrap.cfg file and reload the device.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-04-17T21:50:14.866995Z
Updated: 2024-09-16T23:50:53.607Z
Reserved: 2018-12-06T00:00:00
Link: CVE-2019-1710
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-17T22:29:00.390
Modified: 2019-10-09T23:47:47.393
Link: CVE-2019-1710
Redhat
No data.