Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. This vulnerability was detected in exploits in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and take the following actions.
- Implement the recommended mitigations.
- Search for indicators of compromise.
- Apply the necessary update, when available.