Cisco NCS 540, 560, 5500, 8000, ASR 9000 Series routers affected by critical vulnerability

As usual, this week has started with the report of a security flaw in one of Cisco's products. According to a vulnerability testing report, Cisco IOS XR software is affected by a flaw in the Secure Shell (SSH) authentication feature; if exploited, this vulnerability could allow an unauthenticated remote attacker to log in to an affected device using two different usernames.

According to the report, the vulnerability is caused by a logic error that can be triggered when certain actions are combined during an SSH login on an affected device. Threat actors could abuse this flaw by opening an SSH session to the affected device with a specific sequence that presents the two usernames used for the attack.

Vulnerability testing specialists in charge of the report mention that successful exploitation of the flaw could lead to misrepresentation of login data, user enumeration and even command authorization failure in very specific cases.

The flaw, tracked as CVE-2019-1842, received a score of 5.5/10 on the Common Vulnerability Scoring System (CVSS) scale; the risk of exploitation is rated as medium, although the danger of a successful attack is high.

The Cisco vulnerability testing team mentions that the company corrected the vulnerability with the release of the latest version of Cisco IOS XR software. No workarounds are known for now, so administrators of vulnerable deployments are advised to upgrade as soon as possible.

This has been a difficult start to the year for Cisco: in less than two months, security patches and updates have already been released for at least five critical security flaws in various products used in commercial, industrial and even domestic environments.
