Cisco has disclosed four critical flaws affecting router equipment running its IOS XE and IOS software. The critical flaws are part of Cisco’s June 3 semi-annual advisory and were disclosed alongside 23 advisories describing 25 vulnerabilities in total.
The most severe bug, CVE-2020-3227, is rated 9.8 out of 10 and concerns the authorization controls for the Cisco IOx application hosting infrastructure, allowing a remote attacker without any credentials to execute Cisco IOx API commands. The attacker can exploit the flaw with a unique API call to request the token and then execute unauthorized commands, according to the report.