TTCSIRT-348.08.31.20: TT-CSIRT ADVISORY – Cisco’s active IOS XR zero-day exploit
Cisco warns of a new zero-day vulnerability impacting the Internetwork Operating System (IOS) that ships with its networking equipment.
The vulnerability, tracked as CVE-2020-3566, impacts the Distance Vector Multicast Routing Protocol (DVMRP) feature that ships with the IOS XR version of the operating system.
This version of the OS is usually installed on carrier-grade and data center routers, the DVMRP feature contains a bug that allows an unauthenticated, remote attacker to exhaust process memory and crash other processes running on the device.
For more information details and support, please visit the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt