Hackers Are Attempting to Cripple Cisco Networking Kit via New 0Day
Hackers are actively trying to exploit several high-severity memory exhaustion weaknesses in Cisco software that runs carrier-class routers, the company has warned.
Multiple vulnerabilities have been detected in the distance vector multicast routing protocol (DVMRP) feature of Cisco IOS XR Software, which runs routers and other network devices. If it exploited they “could allow an unauthenticated, remote attacker to exhaust process memory of an affected device,” the company said.
Cisco’s security advisory adds that its team “became aware of attempted exploitation of these vulnerabilities in the wild” on August 28. The bugs have been allocated CVE-2020-3566 and CVE-2020-3569, with a base CVSS score of a “high” 8.6. Admins can determine whether multicast routing is enabled on a device by issuing the show igmp interface command. Guidance is here.