On Saturday, Cisco cautioned about a new zero-day flaw affecting the Internetwork Operating System (IOS) that ships with its networking equipment.

The tech giant said that attackers are already seeking to exploit the flaw. 

The problem lies in the Distance Vector Multicast Routing Protocol (DVMRP) feature of IOS XR. It can be exploited remotely without authentication and could lead to exhaustion of process memory and instability of other processes, including those of interior and exterior routing protocols.

Cisco said the flaw is due to inadequate queue management for Internet Group Management Protocol (IGMP) packets. As a result, an attacker could send crafted IGMP traffic to a susceptible device to exploit the vulnerability.

“This vulnerability affects any Cisco device that is running any release of Cisco IOS XR Software if an active interface is configured under multicast routing,” the company says.

The company explains that administrators can use the show igmp interface command to find whether multicast routing is enabled, and the show igmp traffic command to ascertain whether the device is receiving DVMRP traffic.
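The two checks above can be scripted across a fleet once the command output has been collected. The following is an added example, not code from Cisco or from this article: the sample outputs are constructed, and the output layout (a leading timestamp line, a "DVMRP packets" row with received and sent counters) and the rule that empty show igmp interface output means multicast routing is not enabled are assumptions.

```python
import re

# Constructed sample outputs; the layout is assumed, not captured from a device.
IGMP_INTERFACE = """\
Mon Aug 31 10:00:00.000 UTC
GigabitEthernet0/0/0/0 is up, line protocol is up
  IGMP is enabled on interface
"""
IGMP_INTERFACE_EMPTY = "Mon Aug 31 10:00:00.000 UTC\n"
IGMP_TRAFFIC_T0 = """\
IGMP Traffic Counters
                         Received       Sent
Valid IGMP Packets            120         40
DVMRP packets                  20          0
"""
IGMP_TRAFFIC_T1 = """\
IGMP Traffic Counters
                         Received       Sent
Valid IGMP Packets            195         41
DVMRP packets                  95          0
"""

TIMESTAMP = re.compile(r"^\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}")
DVMRP_ROW = re.compile(r"^\s*DVMRP packets\s+(\d+)\s+(\d+)\s*$", re.I | re.M)

def multicast_enabled(show_igmp_interface):
    """True if the output lists any interface (timestamp and blank lines ignored)."""
    return any(l.strip() and not TIMESTAMP.match(l.strip())
               for l in show_igmp_interface.splitlines())

def dvmrp_received(show_igmp_traffic):
    """Received DVMRP packet count, or None if the counter row is missing."""
    m = DVMRP_ROW.search(show_igmp_traffic)
    return int(m.group(1)) if m else None

def triage(show_igmp_interface, traffic_t0, traffic_t1):
    """Classify a device from one interface listing and two traffic snapshots."""
    if not multicast_enabled(show_igmp_interface):
        return "multicast-not-enabled"
    before, after = dvmrp_received(traffic_t0), dvmrp_received(traffic_t1)
    if before is None or after is None:
        return "unknown"                # unparsed output: check by hand
    if after > before:
        return "receiving-dvmrp"        # counter grew between snapshots
    if after < before:
        return "counters-reset"         # counters went backwards: take new snapshots
    return "dvmrp-seen-earlier" if after else "no-dvmrp-seen"

if __name__ == "__main__":
    print(triage(IGMP_INTERFACE, IGMP_TRAFFIC_T0, IGMP_TRAFFIC_T1))
```

Comparing two snapshots rather than reading one counter separates a device that is receiving DVMRP traffic now from one that only saw it at some earlier point.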

“This vulnerability results in memory exhaustion, which can impact other processes on the device. It is possible to recover the memory consumed by the IGMP process by restarting the IGMP process with the process restart igmp command,” the company adds.

No workarounds exist to deal with the problem, but the company has published information on numerous mitigations that customers can apply to remain protected.

Mitigation steps for the flaw include employing a rate limiter for the IGMP traffic, which increases the time needed for successful exploitation, along with applying an access control entry (ACE) to an existing interface access control list (ACL).

The vulnerability, tracked as CVE-2020-3566, has a CVSS score of 8.6, and Cisco has disclosed that attackers are already trying to exploit the flaw.
