Security News > 2020 > October > Cisco warns of attacks targeting high severity router vulnerability
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company's Cisco IOS XR Software.
The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.
"In October 2020, the Cisco Product Security Incident Response Team received reports of attempted exploitation of this vulnerability in the wild," the updated advisory reads.
Attackers could exploit the vulnerability by sending a malicious Cisco Discovery Protocol packet to devices running a vulnerable IOS XR version.
Luckily, even though this Cisco Discovery Protocol Format String Vulnerability could lead to remote code execution, it can only be exploited by unauthenticated adjacent attackers in the same broadcast domain as the vulnerable devices.
News URL
Related news
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Cisco warns of CSLU backdoor admin account used in attacks (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-05 | CVE-2020-3118 | Out-of-bounds Write vulnerability in Cisco IOS XR A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. | 8.8 |