Cisco caught the set of attacks after investigating a support case that the organization’s support team handled. The Internetwork Operating System (IOS) that ships with the networking devices were affected in the attacks. The liability is tracked as CVE-2020-3566, and it affects the Distance Vector Multicast Routing Protocol (DVMRP) functionality that is available with the IOS XR version of the OS. Datacenter and carrier-grade routers are generally installed with the IOS XR version.
Cisco warned that the DVMRP feature has a liability that lets remote, unauthenticated hackers crash processes and exhaust process memory on the device. The weakness was a result of inefficient queue management of Internet Group Management Protocol (IGMP) packets.