IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cisco warns of memory exploitation in router software

Attempts to exploit the vulnerability in the wild were first detected last week

The Cisco logo displayed on a sign in a city

Cisco has warned that vulnerabilities in its router software are being exploited in the wild by hackers who are executing memory exhaustion vulnerabilities to target affected devices.

Several vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an attacker to remotely exhaust the process memory of an affected device.

Attackers would send specially crafted Internet Group Management Protocol (IGMP) packets to affected devices, with subsequent memory exhaustion leading to the instability of other processes. These could include both interior and exterior routing protocols.

No patch is yet available for the vulnerability, dubbed CVE-202-3566, although Cisco has stressed it would be working on fixes to address this flaw. The company first became aware of attempted exploitation on 28 August.

The memory exhaustion vulnerability affects any device that’s running any version of Cisco IOS XR, so long as an active interface is configured under multicast routing. 

An administrator can determine whether this setting is enabled by issuing the 'how igmp interface' command. If the output is empty, multicast routing is not enabled and the device is not affected by these flaws.

Compromised devices can be identified by establishing whether a set of messages are appearing on system logs. These are outlined in full on Cisco’s advisory page for the flaw.

The firm has also outlined a number of mitigations in the absence of a patch, including implementing a rate limiter that requires customers understand their current rate of IGMP traffic and set it to a rate lower than the current average.

The command will reduce the traffic rate and increase the time necessary for successful exploitation, with this time serving to allow the customer to perform recovery actions. 

As a secondary measure, affected customers can implement an access control entry (ACE) to an existing interface’s access control list (ACL). Alternatively, affected customer can create a new ACL for a specific interface that denies inbound DVMRP traffic.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022