Cisco IOS XR Zero-Day Vulnerability Being Exploited in the Wild
Situation
Cisco has found multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. The vulnerabilities can allow a remote attacker to perform a denial of service (DoS) attack.
Exploitation is currently being seen in the wild.
Problem
The vulnerabilities exist due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit these vulnerabilities by sending crafted IGMP packets to an affected device.
Implication
If an attacker successfully exploits these vulnerabilities, the result could be memory exhaustion, causing instability of other processes, such as the interior and exterior routing protocols, and resulting in a denial of service (DoS).
Need
Cisco has stated that it will release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. However, multiple mitigations are available to customers depending on their needs; they can be found in the link below.
Additional information and mitigation techniques: