CISCO has issued a warning regarding an active zero-day vulnerability in its router software. The company states that this vulnerability is being exploited in the wild and can allow attackers to compromise devices to carry out memory exhaustion attacks.
This results in instability of other processes on the device’s infrastructure, including interior and exterior routing protocols.
This bug originates from an issue in the Distance Vector Multicast Routing Protocol (DVMRP) feature, which allows an attacker to install malicious Internet Group Management Protocol (IGMP) packets to the susceptible device in question. It affects all CISCO devices running on its Internetwork Operating System (IOS) XR Software.