Security News > 2020 > September > Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild
Cisco has warned of an active zero-day vulnerability in its router software that's being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device.
"An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device," Cisco said in an advisory posted over the weekend.
The bug affects all Cisco gear running its Internetwork Operating System XR Software and stems from an issue in the Distance Vector Multicast Routing Protocol feature that makes it possible for an adversary to send specially crafted Internet Group Management Protocol packets to the susceptible device in question and exhaust process memory.
The flaw lies in the manner IOS XR Software queues these packets, potentially causing memory exhaustion and disruption of other processes.
Cisco didn't elaborate on how the attackers were exploiting this vulnerability and with what goal in mind.