Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices.

Cisco Systems says hackers are actively exploiting previously unpatched vulnerabilities in its carrier-grade routers that could allow adversaries to crash or severely disrupt devices.

The vulnerabilities exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software and could allow an unauthenticated, remote attacker to immediately crash the Internet Group Management Protocol (IGMP) process, the company warned in an advisory over the weekend.

The flaw, tracked as CVE-2020-3566, also allows attackers to make devices consume available memory and eventually crash, something that can “negatively impact other processes that are running on the device,” the company warned.

IOS XR Software runs many of Cisco’s carrier-grade network routers, including the CRS series, 12000 series, and ASR9000 series. The vulnerabilities affect “any Cisco device that is running any release of Cisco IOS XR Software if an active interface is configured under multicast routing and it is receiving DVMRP traffic,” the company said.

The cause of the flaws is the incorrect management of how IGMP packets, which help maintain the efficiency of network traffic, are queued, the company said.

“An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device,” according to the advisory. “A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols.”

#web security #carrier-grade routers #exploit #hackers #memory #packets #security