Critical Cisco VM Bug Allows Remote Takeover of Routers
Various Cisco routers are vulnerable to remote takeover by hackers due to a security flaw that has been given the maximum severity score on the CVSS scale (10 out of 10). Cisco has released a patch for the bug and warns that it could be exploited by sending a simple HTTP request to a vulnerable router.
The critical vulnerability, tracked as CVE-2019-12643, impacts Cisco 4000 Series Integrated Services Routers; Cisco ASR 1000 Series Aggregation Services Routers; Cisco Cloud Services Router 1000V Series; and Cisco Integrated Services Virtual Routers. However, only devices on which the REST API has been enabled are affected. The REST API is basically a virtual machine (VM) running on certain devices. The flaw is part of the REST API code, which is not native to the aforementioned routers.