Tuesday, June 18, 2024

Cisco Warns Hackers Actively Exploited Bug in Carrier-grade Routers

Cisco warned users that the hackers actively exploited a bug in carrier-grade-routers, and it was a zero-day vulnerability affecting the Internetwork Operating System (IOS) that boats with its networking devices. 

The security experts termed the vulnerability as CVE-2020-3566, and it affects the Distance Vector Multicast Routing Protocol (DVMRP) feature of its operating system.

Cisco’s IOS XR Network OS is disposed of various router programs, which include NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. And till now, Cisco hasn’t issued any software update for this vulnerability.

Flaw Details

  • Advisory ID: cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
  • First issued: 2020 August 29
  • Last updated: 2020 August 31
  • Version 2.0: Interim
  • Workarounds: No workarounds 
  • CVE IDs: CVE-2020-3566, CVE-2020-3569
  • Cisco Bug IDs: CSCvr86414, CSCvv54838
  • CWE ID: CWE-400
  • CVSS Score: Base 8.6

Affected Products

These vulnerabilities attack any Cisco device that is operating any release of Cisco IOS XR Software if an effective interface is configured under multicast routing

The security experts of Cisco said that they had discovered this attack during an investigation. On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became acquainted of ventured exploitation of this vulnerability. 

Apart from this, the company asserted that currently, it’s working on generating software updates for IOS XR, and it will take time to release the update.

What to do to Discover or Determine?

  • Determine Whether Multicast Routing Is allowed

An administrator can conclude whether multicast routing is allowed on a device by advertising the show igmp interface call. 

RP/0/0/CPU0:router# show igmp interface

  • Determine whether the device is getting DVMRP Traffic

In this case, an administrator can conclude whether the device is getting DVMRP traffic by publishing the show igmp traffic command. 

RP/0/0/CPU0:router#show igmp traffic


The company has issued some mitigations that are to be followed by the users until the company releases a software update, and here are they:-

  • Users can perform rate-limiting to reduce IGMP traffic rates. So, users can quickly increase the time that is needed to exploit this vulnerability successfully.
  • Users can also perform an Access Control Entry (ACE) to the current interface access control list (ACL) or a new ACL to reject inbound DVRMP traffic to interfaces with multicast routing allowed.
  • The users must disable IGMP routing on interfaces where processing IGMP traffic is not required by opening the IGMP router configuration mode.
  • The users can perform all the mitigations by assigning the router igmp command.

Moreover, the security experts affirmed that it is still unclear how attackers are exercising this bug in the grand plan of things. They might be utilizing it to impact other methods on the router, like security mechanisms, and obtain access to the device.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates


Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles