Cisco Alerts About IOS XR Zero-Day Under Active Exploitation


Cisco has recently disclosed a zero-day IOS XR flaw that has caught the attention of criminals. While patches are in progress, Cisco has recommended workarounds for now.

Cisco IOS XR Zero-Day Under Attack

In a recent security advisory, Cisco has disclosed a zero-day vulnerability in the IOS XR Software. The vulnerability affects the Distance Vector Multicast Routing Protocol (DVMRP) feature of the software.

Describing the vulnerability, CVE-2020-3566, Cisco explained that the bug is a memory exhaustion flaw. The vendor has rated it as a high-severity bug with a CVSS score of 8.6.

Exploiting this bug could allow an unauthenticated remote attacker to exhaust the memory of the target device. Elaborating on the flaw, Cisco stated,

The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device.

Regarding the impact of such an exploit, Cisco explained,

A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.

The flaw broadly affects devices running any release of the IOS XR software, provided multicast routing is enabled on them.

Mitigations Available – Patches Underway

At present, no patch is available for the flaw. Nonetheless, the vendor has suggested two methods to mitigate the bug.

The first is rate-limiting IGMP traffic, applying a rate lower than the average rate.

The second is adding an access control entry (ACE) to an existing interface access control list (ACL). Alternatively, customers can create an entirely new ACL that denies DVMRP traffic.

Users should apply these workarounds as early as possible, as Cisco has detected exploitation attempts for this bug. Depending on the customer's environment, an appropriate mitigation strategy should be in place.
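A check for the second workaround, as an added example that is not from Cisco or the original article: it reads a saved configuration and reports, per interface, whether an ingress ACL actually drops DVMRP before a broader permit lets it through. The sample configuration is constructed, and the ACE form `deny igmp any any dvmrp`, the `ipv4 access-group ... ingress` binding and the status labels are assumptions of this sketch.

```python
import re

# Constructed, abridged IOS XR-style config (sample data); the ACE syntax is an assumption.
SAMPLE_CONFIG = """\
ipv4 access-list EDGE-IN
 10 deny igmp any any dvmrp
 20 permit ipv4 any any
ipv4 access-list LEGACY-IN
 10 permit ipv4 any any
 20 deny igmp any any dvmrp
interface GigabitEthernet0/0/0/0
 ipv4 access-group EDGE-IN ingress
interface GigabitEthernet0/0/0/1
 ipv4 access-group LEGACY-IN ingress
interface GigabitEthernet0/0/0/2
 ipv4 address 192.0.2.1 255.255.255.0
"""

DENY_DVMRP = re.compile(r"\d+\s+deny\s+igmp\s+any\s+any\s+dvmrp\b")
BROAD_PERMIT = re.compile(r"\d+\s+permit\s+(ipv4|igmp)\s+any\s+any\s*$")
INGRESS_ACL = re.compile(r"ipv4 access-group (\S+) ingress\b")

def acl_blocks_dvmrp(entries):
    """First match wins: the deny must come before any broad permit."""
    for entry in entries:
        if DENY_DVMRP.match(entry):
            return True
        if BROAD_PERMIT.match(entry):
            return False
    return False  # no DVMRP deny in this ACL at all

def audit(config):
    """Return {interface: status} for every interface stanza in the config."""
    sections, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"(ipv4 access-list|interface) (\S+)", line):
            current = sections.setdefault(m.groups(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    report = {}
    for (kind, name), body in sections.items():
        acl = next((m.group(1) for l in body if (m := INGRESS_ACL.match(l))), None)
        if kind == "interface":
            report[name] = ("no-ingress-acl" if acl is None else
                            "protected" if acl_blocks_dvmrp(sections.get(("ipv4 access-list", acl), []))
                            else "ace-missing-or-shadowed")
    return report
```

Calling `audit(SAMPLE_CONFIG)` flags the second interface because its deny entry sits behind a broad permit and is never reached; only interfaces where multicast routing is enabled need the ACE.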


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
