Published on: 31 August 2020
Cisco released a security advisory to address a vulnerability in Cisco IOS XR software. An attacker could exploit the vulnerability by sending specially crafted Internet Group Management Protocol (IGMP) traffic to a vulnerable device with an active interface configured for multicast routing.
The Cisco Product Security Incident Response Team (PSIRT) indicates that active exploitation of the vulnerability (CVE-2020-3566) has been observed. System administrators are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Successful exploitation could lead to denial of service on an affected system.
Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. For detailed information on the available patches, please refer to the "Fixed Software" section of the corresponding security advisory on the vendor's website.
System administrators should contact their product support vendors for the fixes and assistance.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
https://us-cert.cisa.gov/ncas/current-activity/2020/08/27/cisco-releases-security-updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3566