Patches for Two High-Severity Vulnerabilities

Cisco released updates this week for two high-severity IOS XR bugs that have been successfully targeted in attacks for over a month.
Tracked as CVE-2020-3566 and CVE-2020-3569 and featuring a CVSS score of 8.6, the two bugs were made public in late August, when Cisco announced that hackers were already targeting them in attacks.
Both problems were found in the Distance Vector Multicast Routing Protocol (DVMRP) feature of IOS XR and could be exploited without authentication to make the Internet Group Management Protocol (IGMP) process exhaust memory and crash.
The bugs occur because IGMP packets are not handled properly, Cisco says, which means that crafted IGMP traffic may be sent to affected devices to trigger them. A successful exploit may cause the IGMP process to crash or exhaust memory, thereby affecting the reliability of other systems, including those of routing protocols.
If the IGMP process crashes, it does not need to be restarted manually, since the system has already carried out that operation. This automatic restart, the company states in an alert, recovers the exhausted memory.
Cisco states that all Cisco devices running IOS XR are affected “if an active interface is installed under multicast routing” and if DVMRP traffic is generated.
To determine whether multicast routing is enabled and whether the system receives DVMRP traffic, administrators can use the show igmp interface and show igmp traffic commands. In addition, to mitigate memory exhaustion, they may employ rate limiters and access control techniques.
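As an added example (not from Cisco or from the original article), the Python below applies the two exposure conditions described above to saved output of the igmp interface and igmp traffic commands. The sample text, its column layout, the "line protocol is" marker and all function names are constructed assumptions.

```python
import re

def traffic_output(dvmrp_rx):
    """Build constructed 'igmp traffic' text with the given DVMRP receive count."""
    return (
        "IGMP Traffic Counters\n"
        "                          Received       Sent\n"
        "Valid IGMP Packets             170       1413\n"
        f"DVMRP packets          {dvmrp_rx:>12}          0\n"
        "PIM packets                      0          0\n"
    )

# Constructed 'igmp interface' text; an empty string stands for no IGMP interfaces.
IFACE_OUTPUT = (
    "GigabitEthernet0/0/0/0 is up, line protocol is up\n"
    "  IGMP is enabled on interface\n"
)

def multicast_enabled(iface_text):
    # Assumption: each listed interface yields a "... line protocol is ..." line.
    return any("line protocol is" in line for line in iface_text.splitlines())

def dvmrp_received(traffic_text):
    # The first numeric column of the "DVMRP packets" row is the receive counter.
    m = re.search(r"^\s*DVMRP packets\s+(\d+)\s+\d+\s*$", traffic_text, re.MULTILINE)
    if m is None:
        raise ValueError("no 'DVMRP packets' row in output")
    return int(m.group(1))

def assess(iface_text, traffic_samples):
    """Both conditions must hold: multicast routing active AND DVMRP arriving."""
    if not multicast_enabled(iface_text):
        return "not exposed: no interface under multicast routing"
    counts = [dvmrp_received(t) for t in traffic_samples]
    if counts[-1] > counts[0]:
        return "exposed: DVMRP counter rising between samples"
    if counts[-1] > 0:
        return "review: DVMRP received earlier, counter currently static"
    return "multicast enabled, no DVMRP traffic seen"

if __name__ == "__main__":
    # Two samples taken some minutes apart show whether the counter is moving.
    print(assess(IFACE_OUTPUT, [traffic_output(4), traffic_output(19)]))
```

Comparing two traffic samples rather than one distinguishes DVMRP packets that are arriving now from a counter left over from earlier traffic.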
This week, Cisco announced that fixes for the ASR9K-PX, ASR9K-X64, CRS, and NCS5500 platforms are available to address these vulnerabilities.