Cisco Warned Hackers are Targeting Many Carrier-Grade Routers

Cisco

Cisco has reported that hackers are not targeting one but two unpatched vulnerabilities in the IOS XR software’s DVMRP function running on several carrier-grade routers.

The company released an advisory over the weekend warning of active attacks targeting a security flaw (CVE-2020-3566) in IOS XR ‘s Distance Vector Multicast Routing Protocol (DVMRP) feature to cause memory exhaustion denial of service ( DoS).

The tech giant modified the advisory on Monday to add another CVE to it, namely CVE-2020-3569, which impacts the very same feature and has similar implications.

Both problems, reveals the business, can be remotely exploited by an unauthenticated attacker by sending designed IGMP traffic to a compromised computer.

The bugs occur because the Internet Group Management Protocol (IGMP) packets lack the queue management.

All Cisco devices running any update of IOS XR software are affected according to the company, provided an active interface is configured under multicast routing. Impacted devices include: ASR 9000, NCS 5500, 8000 and sequence routers NCS 540 & 560.

Cisco has provided details on mitigation measures that organisations may take to minimise exposure, but software updates for mitigating these vulnerabilities have yet to be published.

No workarounds have been comprehensive yet to fix the two problems, but Cisco has released vulnerability indicators to help administrators decide whether attackers are leveraging vulnerabilities within their devices.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.