Our reader Marc reports a vulnerability posted by Cisco yesterday: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth

This issue affects hosts that support and are running guests as a hypervisor. In particular, the note calls out model 800 Industrial ISR Routers and model 1000 Grid routers. The vulnerability describes a failure in RBAC (Role Based Access Control), where a guest user can get access to a guest VM when only admin users have that access configured - so a privilege escalation from host to guest.

While this affects only a very small subset of Cisco customers, the customers that are affected are likely to be in the public utility sector, and to be subject to NERC / FERC regulatory controls. So for the folks that are affected by this, please treat this as a high priority: time to schedule a maintenance window to patch!

===============
Rob VandenBrink, ISC Handler, Sep 26th 2019