
SANS ISC: Vulnerability on specific Cisco Industrial / Grid router models - SANS Internet Storm Center

Vulnerability on specific Cisco Industrial / Grid router models

Our reader Marc reports a vulnerability posted by Cisco yesterday:

This issue affects hosts that support, and are running, guests as a hypervisor. In particular, the note calls out model 800 Industrial ISR routers and model 1000 Grid routers. The vulnerability is a failure in RBAC (Role-Based Access Control): a guest user can get access to a guest VM even when that access is configured for admin users only, so a privilege escalation from host to guest.

While this affects only a very small subset of Cisco customers, the customers that are affected are likely to be in the public utility sector and subject to NERC / FERC regulatory controls.

So for the folks that are affected by this, please treat this as a high priority: time to schedule a maintenance window to patch!

Rob VandenBrink
rob <at>

ISC Handler
Sep 26th 2019
