Critical flaw in IOS routers allows ‘complete system compromise’
Cisco has disclosed four critical flaws affecting router equipment running its IOS XE and IOS software. The critical flaws are part of Cisco’s June 3 semi-annual advisory and were disclosed alongside 23 advisories describing 25 vulnerabilities in total.
The most severe bug, CVE-2020-3227, is rated 9.8 out of 10 and concerns the authorization controls for the Cisco IOx application hosting infrastructure. It allows a remote attacker without any credentials to execute Cisco IOx API commands. According to the report, the attacker can exploit the flaw with a unique API call to request the token and then execute unauthorized commands.