Thursday, January 30, 2025

Cisco Warns Hackers Actively Exploited Bug in Carrier-grade Routers


Cisco warned users that attackers have actively exploited a bug in its carrier-grade routers. The bug is a zero-day vulnerability affecting the Internetwork Operating System (IOS) that ships with its networking devices.

The vulnerability is tracked as CVE-2020-3566, and it affects the Distance Vector Multicast Routing Protocol (DVMRP) feature of the operating system.

Cisco's IOS XR network OS is deployed on various router platforms, including the NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. So far, Cisco has not issued a software update for this vulnerability.

Flaw Details

  • Advisory ID: cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
  • First issued: 2020 August 29
  • Last updated: 2020 August 31
  • Version 2.0: Interim
  • Workarounds: No workarounds 
  • CVE IDs: CVE-2020-3566, CVE-2020-3569
  • Cisco Bug IDs: CSCvr86414, CSCvv54838
  • CWE ID: CWE-400
  • CVSS Score: Base 8.6

Affected Products

These vulnerabilities affect any Cisco device running any release of Cisco IOS XR Software if an active interface is configured under multicast routing.

Cisco said that it discovered this attack during an investigation. On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability.

The company also said that it is currently working on software updates for IOS XR, and that releasing them will take time.

How to Determine Whether a Device Is Exposed

  • Determine whether multicast routing is enabled

An administrator can determine whether multicast routing is enabled on a device by issuing the show igmp interface command.

RP/0/0/CPU0:router# show igmp interface

  • Determine whether the device is receiving DVMRP traffic

An administrator can determine whether the device is receiving DVMRP traffic by issuing the show igmp traffic command.

RP/0/0/CPU0:router# show igmp traffic
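
As an added illustration (not part of the original article or Cisco's advisory), the following Python compares two saved outputs of show igmp traffic and reports whether the received DVMRP counter is growing. The table layout, the "DVMRP packets" row label and the sample values are constructed assumptions; adjust the row name to match what your device prints.

```python
import re

# Constructed sample output (not captured from a real device). The
# two-column Received/Sent layout and the row labels are assumptions.
TEMPLATE = """\
IGMP Traffic Counters
Elapsed time since counters cleared: 01:09:27

                                Received       Sent
Valid IGMP Packets                    43         31
Queries                                0         19
Reports                               42         12
DVMRP packets                 {dvmrp:>10}          0
PIM packets                            0          0
"""
SNAPSHOT_T0 = TEMPLATE.format(dvmrp=0)    # first poll
SNAPSHOT_T1 = TEMPLATE.format(dvmrp=812)  # later poll, constructed increase

# A counter row is a text label followed by exactly two integers.
ROW = re.compile(r"^\s*([A-Za-z][A-Za-z /-]*?)\s+(\d+)\s+(\d+)\s*$")

def parse_counters(text):
    """Return {lower-cased row label: (received, sent)}."""
    counters = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            counters[m.group(1).lower()] = (int(m.group(2)), int(m.group(3)))
    return counters

def dvmrp_received(text):
    """Received DVMRP packet count, or None if the row is missing."""
    row = parse_counters(text).get("dvmrp packets")
    return None if row is None else row[0]

def assess(before, after):
    """Classify DVMRP exposure from two snapshots of the same device."""
    b, a = dvmrp_received(before), dvmrp_received(after)
    if a is None:
        return "unknown: no DVMRP row in output"
    if b is not None and a < b:
        return "counters cleared between snapshots; re-sample"
    delta = a - (b or 0)
    if delta > 0:
        return f"receiving DVMRP: +{delta} packets since last snapshot"
    return "DVMRP seen earlier, none new" if a > 0 else "no DVMRP traffic received"

if __name__ == "__main__":
    print(assess(SNAPSHOT_T0, SNAPSHOT_T1))
```

A device whose received DVMRP counter keeps rising between polls is a candidate for the ACL and rate-limiting mitigations described in the next section.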

Mitigation

The company has issued some mitigations for users to follow until it releases a software update:

  • Users can apply rate limiting to reduce IGMP traffic rates, which increases the time needed to exploit this vulnerability successfully.
  • Users can also add an access control entry (ACE) to an existing interface access control list (ACL), or to a new ACL, to deny inbound DVMRP traffic on interfaces with multicast routing enabled.
  • Users must disable IGMP routing on interfaces where processing IGMP traffic is not required, by entering IGMP router configuration mode.
  • Users can apply all of these mitigations by issuing the router igmp command.

Moreover, the security experts said that it is still unclear how attackers are using this bug in the larger scheme of things. They might be using it to impact other processes on the router, such as security mechanisms, and gain access to the device.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
