Cisco warns of IOS XR zero-day vulnerability exploit in the wild (CVE-2020-3566)

Cisco issued a security advisory warning of a new Cisco IOS XR software zero-day vulnerability that is being actively exploited in the wild.

The vulnerability CVE-2020-3566 exists in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software.

“The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device,” Cisco explained in the advisory.

“A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.”

As a result, a remote unauthenticated attacker could exhaust the process memory of an affected device.

Cisco also confirmed that it had observed active exploitation:

“On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.”

Although no patch or workaround is available yet, Cisco offered some mitigations as a first line of defense. For example, Cisco customers can implement a rate limiter that sets the IGMP traffic rate lower than the current average rate; the appropriate value depends on the customer’s environment.
