September 1, 2020

Hackers Are Attempting to Cripple Cisco Networking Kit via New 0Day

Attackers are attempting to overwhelm all available memory via specially crafted IGMP packets

By Matthew Gooding

Hackers are actively trying to exploit several high-severity memory exhaustion weaknesses in Cisco software that runs carrier-class routers, the company has warned.

Multiple vulnerabilities have been detected in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software, which runs routers and other network devices. If exploited, they “could allow an unauthenticated, remote attacker to exhaust process memory of an affected device,” the company said.

Cisco’s security advisory adds that its team “became aware of attempted exploitation of these vulnerabilities in the wild” on August 28. The bugs have been allocated CVE-2020-3566 and CVE-2020-3569, with a base CVSS score of a “high” 8.6.

Admins can determine whether multicast routing is enabled on a device by issuing the show igmp interface command. Full guidance is in Cisco’s advisory.

How This Vulnerability Could be Exploited

The vulnerabilities affect any Cisco device that is running any release of Cisco IOS XR Software, if an active interface is configured under multicast routing.

They are caused by insufficient queue management for Internet Group Management Protocol (IGMP) packets.

An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.


Patch on the Way, Take Mitigating Action

Cisco says it will release a patch to address these vulnerabilities in due course, but in the meantime there are no workarounds available.

It is advising users to take mitigating steps, such as implementing a rate limiter and setting a traffic rate lower than the average for their network.

“This command will not remove the exploit vector,” Cisco explains. “However, the command will reduce the traffic rate and increase the time necessary for successful exploitation. The customer can use this time to perform recovery actions.

“As a second line of defense, a customer may implement an access control entry to an existing interface access control list (ACL). Alternatively, the customer can create a new ACL for a specific interface that denies DVMRP traffic inbound on that interface.”

The following example creates an ACL and denies DVMRP traffic:

RP/0/0/CPU0:router(config)# ipv4 access-list <acl_name> deny igmp any any dvmrp
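The two checks the article describes (is multicast routing active on an interface, and is an inbound ACL denying DVMRP applied there) can be run against a saved running-config rather than by hand. The following is an added example, not Cisco’s code or part of the original article; the config excerpt is constructed, and the IOS XR layout it assumes (interfaces listed with “enable” under multicast-routing, ACLs bound with “ipv4 access-group NAME ingress”) is an assumption about the syntax, not something the advisory spells out.

```python
import re

# Constructed IOS XR running-config excerpt (illustrative, not from the advisory);
# Gi0/0/0/1 is multicast-enabled but has no inbound ACL filtering DVMRP.
SAMPLE_CONFIG = """\
multicast-routing
 address-family ipv4
  interface GigabitEthernet0/0/0/0
   enable
  interface GigabitEthernet0/0/0/1
   enable
!
ipv4 access-list BLOCK_DVMRP
 10 deny igmp any any dvmrp
 20 permit ipv4 any any
!
interface GigabitEthernet0/0/0/0
 ipv4 access-group BLOCK_DVMRP ingress
!
interface GigabitEthernet0/0/0/1
 description no DVMRP filter applied here
!
"""

def audit_dvmrp_exposure(config):
    """Return multicast-enabled interfaces and those lacking an ingress DVMRP deny."""
    exposed, deny_acls, ingress = set(), set(), {}
    header = mcast_if = None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):          # column-0 line opens a new block
            header, mcast_if = line, None
            continue
        if header == "multicast-routing":      # 'interface X' followed by 'enable'
            m = re.match(r"\s+interface (\S+)", line)
            mcast_if = m.group(1) if m else mcast_if
            if line.strip() == "enable" and mcast_if:
                exposed.add(mcast_if)
        elif header.startswith("ipv4 access-list ") and "deny igmp any any dvmrp" in line:
            deny_acls.add(header.split()[2])   # ACL carries the advisory's deny entry
        elif header.startswith("interface "):
            b = re.match(r"\s+ipv4 access-group (\S+) ingress", line)
            if b:
                ingress[header.split()[1]] = b.group(1)
    return {
        "exposed": sorted(exposed),
        "unprotected": sorted(i for i in exposed if ingress.get(i) not in deny_acls),
    }
```

Interfaces listed under "unprotected" are the ones where the ACL mitigation above has not yet been applied; the rate limiter Cisco recommends is a separate control and is not checked here.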
