CISCO detects new zero-day liability affecting IOS

Internetwork Operating System (IOS)

Cisco caught the set of attacks after investigating a support case that the organization’s support team handled. The Internetwork Operating System (IOS) that ships with the networking devices were affected in the attacks. The liability is tracked as CVE-2020-3566, and it affects the Distance Vector Multicast Routing Protocol (DVMRP) functionality that is available with the IOS XR version of the OS. Datacenter and carrier-grade routers are generally installed with the IOS XR version.

Read More: Top IoT Security Threats that CISOs Need to Prioritize

Cisco warned that the DVMRP feature has a liability that lets remote, unauthenticated hackers crash processes and exhaust process memory on the device. The weakness was a result of inefficient queue management of Internet Group Management Protocol (IGMP) packets.

Source: Zdnet