Cisco issued a security advisory warning of a new zero-day vulnerability in Cisco IOS XR Software that is under active exploitation in the wild.
The vulnerability, CVE-2020-3566, exists in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software.
“The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device,” Cisco explained in the advisory.
“A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.”
As a result, a remote, unauthenticated attacker could exhaust the process memory of an affected device.
Cisco also confirmed that it has observed active exploitation:
“On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.”
Although no patch or workaround is available yet, Cisco offered some mitigations as a first line of defense. For example, Cisco customers can implement a rate limiter that holds IGMP traffic to a rate lower than the current average rate, with the exact value depending on the customer’s environment.