Article 57JVC Attackers are trying to exploit a high-severity zeroday in Cisco gear

Attackers are trying to exploit a high-severity zeroday in Cisco gear

by
Dan Goodin
from Ars Technica - All content on (#57JVC)
cisco-5g-800x450.jpg

Enlarge (credit: Cisco)

Telecoms and data-center operators take note: attackers are actively trying to exploit a high-severity zeroday vulnerability in Cisco networking devices, the company warned over the weekend.

The security flaw resides in Cisco's iOS XR Software, an operating system for carrier-grade routers and other networking devices used by telecommunications and data-center providers. In an advisory published on Saturday, the networking-gear manufacturer said that a patch is not yet available and provided no timeline for when one would be released.

Memory exhaustion

CVE-2020-3566, as the vulnerability is tracked, allows attackers to cause memory exhaustion, resulting in instability of other processes" including but not limited to interior and exterior routing protocols. Exploits work by sending maliciously crafted Internet Group Management Protocol traffic. Normally, IGMP communications are used by one-to-many networking applications to conserve resources when streaming video and related content. A flaw in the way iOS XR Software queues IGMP packets makes it possible to consume memory resources.

Read 7 remaining paragraphs | Comments

index?i=oM-7sXqoB_I:u3FN6OGH3ac:V_sGLiPB index?i=oM-7sXqoB_I:u3FN6OGH3ac:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments