Security News > 2020 > September > Cisco Says Hackers Targeting Zero-Days in Carrier-Grade Routers

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers.
Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw in the Distance Vector Multicast Routing Protocol feature of IOS XR to cause memory exhaustion denial of service.
According to the company, all Cisco devices that are running any release of IOS XR software are affected, provided that an active interface is configured under multicast routing.
Impacted devices include: ASR 9000, NCS 5500, 8000, as well as NCS 540 & 560 series routers.
No workarounds to address the two issues have been detailed yet, but Cisco has published indicators of compromise to help administrators determine whether attackers are exploiting the vulnerabilities in their devices.
News URL
Related news
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)