Cisco fixed two actively exploited and high severity memory exhaustion DoS vulnerabilities found in the IOS XR software that runs on multiple carrier-grade routers.
The Cisco IOS XR Network OS is deployed on several router platforms including the NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.
Cisco warned customers on August 29th of ongoing attacks targeting carrier-grade routers running vulnerable Cisco IOS XR software versions.
“On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of these vulnerabilities in the wild,” Cisco explained.
The two denial-of-service (DoS) security flaws — tracked as CVE-2020-3566 and CVE-2020-3569 — exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature of the IOS XR software.
They impact any Cisco device running any Cisco IOS XR Software release if one of the active interfaces is configured under multicast routing.
Remote and unauthenticated attackers who successfully exploit them by sending crafted IGMP traffic can exhaust the targeted routers’ memory.
Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases
While at the time it disclosed the attacks Cisco only provided customers with mitigation measures to block exploitation attempts, the company has now released free Software Maintenance Upgrades (SMUs) to address the two vulnerabilities.
The table embedded below contains information on what fixes should be deployed for each of the two security flaws on affected routers.
| Cisco IOS XR Release | Fix Needed for CSCvv54838 | Fix Needed for CSCvr86414 | Notes |
|---|---|---|---|
| Earlier than 6.6.3 | Yes | Yes | Fixes are provided through bug CSCvv60110, which was created to combine the fixes for both CSCvv54838 and CSCvr86414. SMU names include CSCvv60110. |
| 6.6.3 and later | Yes | No | Fix needed for only CSCvv54838. Releases 6.6.3 and later already contain the fix for CSCvr86414. SMU names include CSCvv54838. |
To find if multicast routing is enabled on a device exposing it to potential attacks, admins can run the show igmp interface command.
For IOS XR routers were the multicast routing feature is not enabled, the output of the command will be empty and the devices are not affected by the two flaws.
For vulnerable devices where admins cannot immediately apply the security fixes, Cisco recommends implementing “an access control entry (ACE) to an existing interface access control list (ACL)” or a new ACL to deny inbound DVRMP traffic to interfaces with multicast routing enabled.
Admins are also advised to disable IGMP routing on interfaces where processing IGMP traffic is not necessary.
This can be done by entering IGMP router configuration mode by issuing the router igmp command, selecting the interface using interface, and then disabling IGMP routing using router disable.
In July, Cisco fixed another actively exploited read-only path traversal vulnerability, as well as pre-auth critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities that could lead to full device takeover.
Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.
