Cisco issues security advisory for memory exhaustion vulnerability on IOS XR


On Saturday, Cisco issued a security advisory about a zero-day vulnerability in its IOS XR software, which ships with some of its networking equipment.

In its "high" security advisory, Cisco said the vulnerability was found during the resolution of a Cisco TAC support case. On Friday, the Cisco Product Security Incident Response Team (PSIRT) became aware of an attempted exploitation of the vulnerability "in the wild."

The vulnerability, which is being tracked as CVE-2020-3566, impacts the Distance Vector Multicast Routing Protocol (DVMRP) feature of the IOS XR software. It's not clear what advantage a potential hacker would gain by exploiting the vulnerability.


IOS XR is typically installed on Cisco's carrier grade and data center routers. Cisco's IOS XR7 operating system powers its 8000 series routers, which were announced near the end of last year and were designed for FANG webscale operators and service providers to power applications and services such as 5G, video streaming and 400G.

Cisco said the vulnerability "could allow an unauthenticated, remote attacker to exhaust process memory of an affected device."

"The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets," Cisco said in its advisory. "An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols."

Cisco said it would release software updates that address the vulnerability. While there are currently no workarounds that address the vulnerability, Cisco said there are multiple mitigations available to customers depending on their needs.

The security advisory also included additional incident response instructions for companies to investigate their logs to see whether they've been attacked using the IOS XR vulnerability.

The vulnerability affects any Cisco device that is running any release of Cisco IOS XR software if an active interface is configured under multicast routing. Cisco provided a list of the vulnerable devices in its security advisory as well as "indicators of compromise."
