Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’

Cisco has disclosed four critical security flaws affecting router equipment that uses its IOS XE and IOS software.

The four critical flaws are part of Cisco’s June 3 semi-annual advisory bundle for IOS XE and IOS networking software, which includes 23 advisories describing 25 vulnerabilities.

The 9.8 out of 10 severity bug, CVE-2020-3227, concerns the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software, which allows a remote attacker without credentials to execute Cisco IOx API commands without proper authorization.

Read more…
Source: ZDNet