
Cybersecurity Threat Advisory: Vector Multicast Routing Protocol

Mike Beagles September 11, 2020 2 min read

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their mission-critical communications networks.

This week, there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Summary

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. DVMRP is a routing protocol used to share information between routers to facilitate the transportation of IP-multicast packets among networks. A successful exploit by an attacker could cause memory exhaustion, resulting in the instability of other processes. MCP recommends following the mitigation steps provided by Cisco and updating Cisco software regularly to address vulnerabilities as fixes are released.

Technical Detail and Additional Information

What Is the Threat?

The security flaw that resides in Cisco’s IOS XR Software is considered a high-severity zero-day vulnerability, meaning a software security flaw that is known to the software vendor but for which no patch is yet in place. Attackers have been actively trying to exploit this vulnerability in Cisco networking devices. Cisco’s IOS XR Software is an operating system for carrier-grade routers and other networking devices used by telecommunications and data center providers. As of this writing, Cisco has not provided a timeline for when a patch for the vulnerability will be released.

Why Is this Noteworthy?

The vulnerability is being tracked as CVE-2020-3566 and is described as a vulnerability that, if exploited, could cause memory exhaustion and the instability of other processes including but not limited to interior and exterior routing protocols. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. To exploit this vulnerability, an attacker could send crafted IGMP traffic to an affected device.

Cisco has not elaborated on whether attacks on this vulnerability could cause other issues aside from memory exhaustion and the subsequent disruption of various processes. The company has rated the severity of the vulnerability as “high” with a Common Vulnerability Scoring System (CVSS) rating of 8.6 out of 10. These vulnerabilities affect any Cisco device that is running any release of Cisco IOS XR Software if an active interface is configured under multicast routing and it is receiving DVMRP traffic.
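Because exposure depends on an interface actually receiving DVMRP traffic, a monitoring team can check a packet capture for it. The following is an added example, not code from MCP or Cisco: it assumes raw IPv4 packets with the link-layer header already stripped, identifies DVMRP by IGMP message type 0x13, and uses function names, sample packets and a per-source threshold that are this example's own assumptions.

```python
import socket
import struct
from collections import Counter

IPPROTO_IGMP = 2        # IPv4 protocol number for IGMP
IGMP_TYPE_DVMRP = 0x13  # IGMP message type used by DVMRP

def dvmrp_source(packet: bytes):
    """Return the source address if a raw IPv4 packet carries DVMRP, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IGMP often carries IP options (Router Alert)
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or len(packet) <= ihl or frag_offset:
        return None  # malformed, truncated, or a non-first fragment
    if packet[9] != IPPROTO_IGMP or packet[ihl] != IGMP_TYPE_DVMRP:
        return None
    return socket.inet_ntoa(packet[12:16])

def count_dvmrp(packets):
    """Tally DVMRP packets per source address."""
    return Counter(src for src in map(dvmrp_source, packets) if src)

def noisy_sources(packets, threshold):
    """Sources at or above `threshold` DVMRP packets (threshold is an assumption)."""
    return sorted(s for s, n in count_dvmrp(packets).items() if n >= threshold)

def build_ipv4(src, dst, proto, payload, options=b""):
    """Build a constructed IPv4 packet for the sample data (checksum left 0)."""
    words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | words, 0,
                         words * 4 + len(payload), 0, 0, 1, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + options + payload

# Constructed sample traffic; addresses are documentation ranges.
ROUTER_ALERT = bytes([0x94, 0x04, 0x00, 0x00])
DVMRP_PROBE = bytes([0x13, 0x01, 0, 0, 0, 0, 0xFF, 0x03])
IGMP_QUERY = bytes([0x11, 0x64, 0, 0, 0, 0, 0, 0])
SAMPLE = (
    [build_ipv4("192.0.2.10", "224.0.0.4", 2, DVMRP_PROBE, ROUTER_ALERT)] * 3
    + [build_ipv4("192.0.2.20", "224.0.0.4", 2, DVMRP_PROBE)]
    + [build_ipv4("192.0.2.30", "224.0.0.1", 2, IGMP_QUERY)]
    + [build_ipv4("192.0.2.10", "198.51.100.5", 17, DVMRP_PROBE)]  # UDP, not IGMP
)

if __name__ == "__main__":
    print(count_dvmrp(SAMPLE), noisy_sources(SAMPLE, threshold=3))
```

Any non-empty tally on a network that does not intentionally run DVMRP is worth investigating, since the protocol is rarely deployed.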

What Are the Recommendations?
