Two days ago, on Saturday, the technology manufacturing company Cisco reported a newly discovered (zero-day) vulnerability in its Internetwork Operating System (IOS) that is present in many Cisco products.
The vulnerability is tracked as CVE-2020-3566 and lies in the Distance Vector Multicast Routing Protocol (DVMRP) feature of IOS XR, the version of the operating system mainly installed on Cisco data center and carrier-grade routers.
How can the vulnerability be exploited?
According to Cisco, because of insufficient queue management for IGMP (Internet Group Management Protocol) packets, an attacker could send crafted IGMP traffic to a targeted device and cause memory exhaustion, destabilising other processes on the device such as interior or exterior routing protocols.
Attempts to exploit the vulnerability
Cisco reports that there were already attempts to exploit this weakness last week. Fortunately, Cisco's support team was quick to investigate and intercept the attempt. At the time of writing, Cisco is working on an emergency update that would patch the IOS XR vulnerability. According to the company's most recent statement, the update will take a couple of days to complete and release. Until then, Cisco has recommended several possible workarounds to mitigate the problem. You can find more about those workarounds, as well as additional information about CVE-2020-3566 (such as how to find out whether you have been attacked through this vulnerability), on Cisco's site.
It is currently unclear what end goal an attacker would pursue by using this vulnerability to cause memory exhaustion. Researchers suspect that it might be used to crash important security and protection processes on the attacked device, opening the way for attacks by more specialised malware and allowing the attackers to gain remote access. However, these are only speculations at this point, and the actual end goal of these attacks could be different. For that reason, companies that notice potential symptoms of an attack using CVE-2020-3566 are advised to go through their logs thoroughly and look for any irregularities.
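As an added example (not code from this article or from Cisco), the kind of log review the last paragraph recommends, applied to the mechanism described above: a small Python script that parses IGMPv2 messages, verifies their checksums, and flags any source that sends an unusual burst of IGMP reports within a short window, as well as malformed messages. The packet records, the addresses and the 50-per-second threshold are all constructed assumptions for the demonstration, not values taken from Cisco's advisory.

```python
import struct
from collections import Counter

IGMPV2_MEMBERSHIP_REPORT = 0x16  # IGMPv2 Membership Report type (RFC 2236)

def igmp_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over 16-bit words, as IGMP uses it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_igmp(payload: bytes):
    """Parse an 8-byte IGMPv1/v2 message; return (type, group) or None if malformed.
    A message whose checksum field is correct sums to zero under igmp_checksum."""
    if len(payload) < 8 or igmp_checksum(payload) != 0:
        return None
    igmp_type, _max_resp, _csum, group = struct.unpack("!BBH4s", payload[:8])
    return igmp_type, ".".join(str(b) for b in group)

def build_igmp(igmp_type: int, group: str) -> bytes:
    """Build a checksum-correct IGMPv2 message; used here only to construct test input."""
    raw = struct.pack("!BBH4s", igmp_type, 0, 0, bytes(int(o) for o in group.split(".")))
    return raw[:2] + struct.pack("!H", igmp_checksum(raw)) + raw[4:]

def find_igmp_bursts(records, window_s=1.0, threshold=50):
    """records: iterable of (timestamp_seconds, src_ip, igmp_payload).
    Returns (bursts, malformed): bursts maps each source whose count in some window
    exceeded `threshold` to its peak count; malformed counts unparseable packets per source."""
    per_window, malformed = Counter(), Counter()
    for ts, src, payload in records:
        if parse_igmp(payload) is None:
            malformed[src] += 1  # crafted traffic often fails basic parsing
            continue
        per_window[(src, int(ts // window_s))] += 1
    peak = {}
    for (src, _win), n in per_window.items():
        peak[src] = max(peak.get(src, 0), n)
    return {s: n for s, n in peak.items() if n > threshold}, dict(malformed)

# Constructed sample (not real traffic): one source sends 300 reports within 300 ms,
# one joins a single group once per second, one sends a message with a bad checksum.
SAMPLE = [(0.001 * i, "192.0.2.10", build_igmp(IGMPV2_MEMBERSHIP_REPORT, "239.1.1.%d" % (i % 200)))
          for i in range(300)]
SAMPLE += [(float(i), "192.0.2.20", build_igmp(IGMPV2_MEMBERSHIP_REPORT, "239.1.1.1")) for i in range(5)]
SAMPLE.append((2.0, "192.0.2.30", b"\x16\x00\xde\xad\xef\x01\x01\x01"))
```

Running `find_igmp_bursts(SAMPLE)` reports 192.0.2.10 with a peak of 300 packets in one window and one malformed message from 192.0.2.30, while the well-behaved 192.0.2.20 is not flagged.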