TTCSIRT-348.08.31.20: TT-CSIRT ADVISORY – Cisco’s active IOS XR zero-day exploit

Cisco warns of a new zero-day vulnerability impacting the Internetwork Operating System (IOS) that ships with its networking equipment.

The vulnerability, tracked as CVE-2020-3566, impacts the Distance Vector Multicast Routing Protocol (DVMRP) feature that ships with the IOS XR version of the operating system.

This version of the OS is usually installed on carrier-grade and data center routers, the DVMRP feature contains a bug that allows an unauthenticated, remote attacker to exhaust process memory and crash other processes running on the device.

For more information details and support, please visit the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz



If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt