Cisco has pushed out a patch for its ASR 9000 routers that could allow for attackers to carry out Denial-of-service (DoS) strikes and also give them unauthorized access to the devices. The CVSS score for the vulnerability (CVE-2019-1710) is 9.8, putting it at a critical severity level. The vulnerability lies in the router’s internal sysadmin applications where they are erroneously isolated in the alternate management interface. To be exploited correctly, an attacker would have to connect to one of the listening internal applications. The patch for this vulnerability was rushed out because it was found during internal testing and researchers believe it has not yet been exploited. Cisco is suggesting that users upgrade to Cisco’s IOS XR 64-bit software release 6.5.3 and 7.0.1 which will edit the calvados_boostrap.cfg file and reload the device.