Several carrier-grade routers from Cisco are said to contain a severe software vulnerability that is allegedly being exploited by Chinese state-sponsored attackers.
Earlier this week, the company warned its clients that a number of its routers, all of which are running IOS XR Software, are vulnerable to the high-severity CVE-2020-3118 flaw and urged customers to patch their devices immediately.
The patch has been available since February and the full list of affected devices can be found here.
The flaw can be exploited by sending a malicious Cisco Discovery Protocol packet to the affected devices, Bleeping Computer explained. Attackers that manage to successfully exploit the flaw could trigger a stack overflow, allowing for arbitrary code execution with admin privileges.
On the bright side, however, the flaw can only be exploited by unauthenticated adjacent attackers, in the same broadcast domain as the vulnerable device.
Soon after Cisco’s announcement, the US National Security Agency (NSA) cited the same vulnerability in a list of flaws abused by Chinese state-sponsored cyberattack groups.
“We hear loud and clear that it can be hard to prioritize patching and mitigation efforts,” said NSA Cybersecurity Director Anne Neuberger.
“We hope that by highlighting the vulnerabilities that China is actively using to compromise systems, cybersecurity professionals will gain actionable information to prioritize efforts and secure their systems.”