September 1, 2020

Hackers Are Attempting to Cripple Cisco Networking Kit via New 0Day

Attackers are attempting to overwhelm all available memory via specially crafted IGMP packets

By Matthew Gooding

Hackers are actively trying to exploit several high-severity memory exhaustion weaknesses in Cisco software that runs carrier-class routers, the company has warned.

Multiple vulnerabilities have been detected in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software, which runs routers and other network devices. If exploited, they “could allow an unauthenticated, remote attacker to exhaust process memory of an affected device,” the company said.

Cisco’s security advisory adds that its team “became aware of attempted exploitation of these vulnerabilities in the wild” on August 28. The bugs have been allocated CVE-2020-3566 and CVE-2020-3569, with a base CVSS score of a “high” 8.6.

Admins can determine whether multicast routing is enabled on a device by issuing the show igmp interface command. Guidance is here.

How This Vulnerability Could be Exploited

The vulnerabilities affect any Cisco device that is running any release of Cisco IOS XR Software, if an active interface is configured under multicast routing.

They are caused by insufficient queue management for Internet Group Management Protocol (IGMP) packets.

An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.


Patch on the Way, Take Mitigating Action

Cisco says it will release a patch to address these vulnerabilities in due course, but in the meantime there aren’t any workarounds available.

It is advising users to take mitigating steps, such as implementing a rate limiter and setting a traffic rate lower than the average for their network.

“This command will not remove the exploit vector,” Cisco explains. “However, the command will reduce the traffic rate and increase the time necessary for successful exploitation. The customer can use this time to perform recovery actions.

“As a second line of defense, a customer may implement an access control entry to an existing interface access control list (ACL). Alternatively, the customer can create a new ACL for a specific interface that denies DVMRP traffic inbound on that interface.”

The following example creates an ACL and denies DVMRP traffic:

RP/0/0/CPU0:router(config)# ipv4 access-list <acl_name> deny igmp any any dvmrp
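To set a sensible rate limit, or to confirm that the ACL is keeping DVMRP out, it helps to know how much DVMRP traffic an interface actually sees and from whom. DVMRP messages travel as IGMP (IP protocol 2) with IGMP type 0x13. The sketch below is an added example, not Cisco's or the article's code: it classifies raw IPv4 packets from a capture and reports sources that send DVMRP at or above a threshold. The function names, the threshold and the sample packets are assumptions made for illustration.

```python
import struct
from collections import Counter

IGMP_PROTO = 2          # IPv4 protocol number for IGMP
IGMP_TYPE_DVMRP = 0x13  # IGMP message type used by DVMRP

def classify(packet: bytes):
    """Return (src_ip, igmp_type) for an IPv4 IGMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IP header length, including options
    if ihl < 20 or len(packet) < ihl + 1 or packet[9] != IGMP_PROTO:
        return None
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl]       # first byte after the IP header is the IGMP type

def dvmrp_sources(packets, threshold):
    """Count DVMRP packets per source; return sources at or above threshold."""
    counts = Counter()
    for pkt in packets:
        hit = classify(pkt)
        if hit and hit[1] == IGMP_TYPE_DVMRP:
            counts[hit[0]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def _sample(src, igmp_type, options=b""):
    """Build a constructed IPv4 + IGMP header pair for the demo (checksums zero)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 8, 0, 0, 1,
                     IGMP_PROTO, 0, bytes(map(int, src.split("."))),
                     bytes([224, 0, 0, 4]))
    return ip + options + struct.pack("!BBHI", igmp_type, 0, 0, 0)

# Constructed sample traffic using documentation addresses, not a real capture.
SAMPLE = ([_sample("192.0.2.10", 0x13)] * 5
          + [_sample("192.0.2.10", 0x13, b"\x94\x04\x00\x00")]  # IP Router Alert option
          + [_sample("198.51.100.7", 0x16)] * 4                 # IGMPv2 membership report
          + [_sample("198.51.100.7", 0x13)])

if __name__ == "__main__":
    print(dvmrp_sources(SAMPLE, threshold=5))
```

Reading the IGMP type at the offset given by the IP header length, rather than at a fixed byte 20, matters because IGMP packets commonly carry the Router Alert IP option.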
