The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said. The flaw is specifically in Cisco Aggregation Services Routers (ASR) 9000 Series, Cisco s popular carrier Ethernet router intended for service applications. The vulnerability (CVE-2019-1710) has a CVSS score of 9.8, making it critical in severity. Cisco urged users to upgrade to the Cisco IOS XR 64-bit software as soon as possible. The company also revealed that exploit code for a previously-disclosed critical remote code execution vulnerability was now available.
Source: https://threatpost.com/cisco-patch-asr-9000-routers/143895/