On Saturday, Cisco issued a security advisory about a zero-day vulnerability in its IOS XR software, which ships with some of its networking equipment.
In its "high" security advisory, Cisco said the vulnerability was found during the resolution of a Cisco TAC support case. On Friday, the Cisco Product Security Incident Response Team (PSIRT) became aware of an attempted exploitation of the vulnerability "in the wild."
The vulnerability, which is being tracked as CVE-2020-3566, impacts the Distance Vector Multicast Routing Protocol (DVMRP) feature of the IOS XR software. It's not clear what advantage a potential hacker would gain by exploiting the vulnerability.
IOS XR is typically installed on Cisco's carrier-grade and data center routers. Cisco's IOS XR7 operating system powers its 8000 series routers, which were announced near the end of last year and were designed for FANG webscale operators and service providers to power applications and services such as 5G, video streaming and 400G.
Cisco said the vulnerability "could allow an unauthenticated, remote attacker to exhaust process memory of an affected device."
"The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets," Cisco said in its advisory. "An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols."
Cisco said it would release software updates that address the vulnerability. While there are currently no workarounds that address the vulnerability, Cisco said there are multiple mitigations available to customers depending on their needs.
The security advisory also included additional incident response instructions for companies to investigate their logs in order to see if they've been attacked using the IOS XR vulnerability.
The vulnerability affects any Cisco device that is running any release of Cisco IOS XR software if an active interface is configured under multicast routing. Cisco provided a list of the vulnerable devices in its security advisory as well as "indicators of compromise."