Cisco issues alert for zero-day DVMRP vulnerability being actively exploited by attackers
The bug in carrier-grade routers could allow a remote hacker to exhaust target device's process memory by sending crafted IGMP traffic
Cisco has issued an alert to warn users of a zero-day security vulnerability that impacts its carrier-grade routers and is being exploited in the wild by attackers.
According to Cisco, this high-severity bug exists in the Distance Vector Multicast Routing Protocol (DVMRP) feature of the IOS XR Network OS and arises due to insufficient queue management for Internet Group Management Protocol (IGMP) packets.
Indexed as CVE-2020-3566, the bug could allow a remote, unauthenticated attacker to exhaust target device's process memory by sending crafted IGMP traffic to it, the company noted. Memory exhaustion can also result in the crashing of other processes, such as interior and exterior routing protocols, running on the device.
Cisco's IOS XR software is used in many networking equipment, including NCS 5500, 8000, NCS 540 and 560, and ASR 9000 series routers.
The bug impacts all Cisco devices running any Cisco IOS XR Software release if one of their active interfaces is configured under multicast routing.
Admins can easily determine whether multicast routing is enabled on a device by issuing the 'show igmp interface' command.
According to Cisco, the bug was spotted last week during resolution of a support case by its security team. An exploitation attempt for the flaw was then noticed on 28th August.
There are currently no patches or workarounds available to address the vulnerability. However, Cisco's advisory offers many mitigation measures for the bug.
The company recommends users implement a rate limit for IGMP traffic and set a rate lower than the current average. While this command does not eliminate the exploit vector, it can reduce the traffic rate, thereby increasing the time attackers will need to successfully exploit the bug.
Admins must also consider disabling IGMP routing for an interface where IGMP processing is not needed.
Cisco said it is currently working to develop software updates for affected software.
Last month, Cisco had released security patches to address multiple critical security bugs impacting its Data Center Network Manager (DCNM) and SD-WAN software products. The most notable of the flaws were three critical authentication bypass, authorisation bypass and buffer overflow bugs, which could allow a remote, unauthenticated attacker to steal sensitive information from affected devices.
Also, last month, Cisco released security updates to fix 31 vulnerabilities affecting its router and firewall products.
The company warned at the time that some of the bugs could be remotely exploited by unauthenticated attackers without requiring any user interaction.
More on Hacking
New Zealand Stock Exchange disrupted for third day following cyber attack
NZX says it is experiencing DDoS attacks originating abroad
US officers arrest Russian national for plotting to attack American firm
Egor Igorevich Kriuchkov allegedly offered an employee at the firm $1 million for help in installing malware onto the company network
Marriott faces UK class action-style lawsuit over massive data breach
Personal data of nearly seven million British guests was compromised in Marriott breach
Former Uber security officer charged with covering up 2016 data hack
Joseph Sullivan paid hackers $100,000 to keep silent about the hack
Lafayette City pays $45,000 ransom to cyber criminals
Attackers likely entered the network through a phishing scam or brute force attack
Most read
