• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • Contact Us

iHash

News and How to's

  • Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87

    Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87
  • Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139

    Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139
  • CleanMyMac One-Time Purchase: Lifetime License for $62

    CleanMyMac One-Time Purchase: Lifetime License for $62
  • UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29

    UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29
  • Wordela Vocabulary Mastery: Lifetime Subscription for $39

    Wordela Vocabulary Mastery: Lifetime Subscription for $39
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Cisco Issues Warning Over IOS XR Zero-Day Flaw Being Targeted in the Wild

Sep 1, 2020 by iHash Leave a Comment

Cisco has warned of an active zero-day vulnerability in its router software that’s being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device.

“An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device,” Cisco said in an advisory posted over the weekend.

“A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.”

cybersecurity

Although the company said it will release software fixes to address the flaw, it did not share a timeline for when it plans to make it available. The networking equipment maker said it became aware of attempts to exploit the flaw on August 28.

Tracked as CVE-2020-3566, the severity of the vulnerability has been rated “high” with a Common Vulnerability Scoring System score of 8.6 out of a maximum 10.

The bug affects all Cisco gear running its Internetwork Operating System (IOS) XR Software and stems from an issue in the Distance Vector Multicast Routing Protocol (DVMRP) feature that makes it possible for an adversary to send specially crafted Internet Group Management Protocol (IGMP) packets to the susceptible device in question and exhaust process memory.

IGMP is typically used to efficiently use resources for multicasting applications when supporting streaming content such as online video streaming and gaming. The flaw lies in the manner IOS XR Software queues these packets, potentially causing memory exhaustion and disruption of other processes.

While there are no workarounds to resolve the issue, Cisco recommends administrators to run the “show igmp interface” command to determine if multicast routing is enabled.

“If the output of ‘show igmp interface’ is empty, multicast routing is not enabled and the device is not affected by these vulnerabilities,” the company said.

Additionally, admins can also check the system logs for signs of memory exhaustion and implement rate-limiting to reduce IGMP traffic rates to mitigate the risk.

Cisco didn’t elaborate on how the attackers were exploiting this vulnerability and with what goal in mind.

But given that resource exhaustion attacks are also a form of denial-of-service attacks, it wouldn’t be surprising if bad actors are leveraging the flaw to interfere with the regular functioning of the system.

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: Cisco, computer security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Flaw, hacker news, hacking news, how to hack, information security, iOS, Issues, network security, ransomware malware, software vulnerability, Targeted, the hacker news, warning, Wild, ZeroDay

Special Offers

  • Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87

    Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87
  • Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139

    Seido™ Japanese Master Chef's 8-Piece Knife with Gift Box – Buy One Get One FREE! for $139
  • CleanMyMac One-Time Purchase: Lifetime License for $62

    CleanMyMac One-Time Purchase: Lifetime License for $62
  • UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29

    UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29
  • Wordela Vocabulary Mastery: Lifetime Subscription for $39

    Wordela Vocabulary Mastery: Lifetime Subscription for $39

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

AI Empowers Microfinance: Revolutionizing Fraud Detection

Jun 1, 2023 By iHash

Apple, MLB announce July “Friday Night Baseball” schedule on Apple TV+

Jun 1, 2023 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news cybersecurity Cyber Security cyber security news cyber security news today cyber security updates cyber threats cyber updates data data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone Malware microsoft network security ransomware ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video web applications

Latest

A Guide to Log File Parsing Tools

A Guide to Log File Parsing Tools

While log parsing isn’t very sexy and never gets much credit, it is fundamental to productive and centralized log analysis. Log parsing extracts information in your logs and organizes them into fields. Without well-structured fields in your logs, searching and visualizing your log data is near impossible. In this article, we’ll review some of the […]

Triangulation: Trojan for iOS

Triangulation: Trojan for iOS | Kaspersky official blog

Hi all, today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using […]

Apple iPad Mini 2 (2013) 7.9" 16GB – Silver (Refurbished: Wi-Fi Only) for $87

Expires June 01, 2123 23:59 PST Buy now and get 37% off KEY FEATURES The Apple iPad Mini 2nd Gen is a compact, portable tablet with a powerful and versatile experience. Its 7.9-inch Retina display delivers vibrant visuals and sharp image quality. The Wi-Fi-only model ensures easy connectivity to wireless networks for browsing, streaming, and […]

Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks

May 31, 2023Ravie LakshmananAdvanced Persistent Threat The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial crew’s continued focus on […]

How to give back to the Elastic community

How to give back to the Elastic community

One of the most beautiful things about having a front-row seat in the Elastic Community is witnessing folks helping each other. From Discuss and the Elastic Community Slack workspace to the Official Elastic YouTube channel no matter where you turn, you’ll see Elasticsearch pros and beginners sharing their knowledge. That’s why we created the Elastic […]

Safeguards against firmware signed with stolen MSI keys

Safeguards against firmware signed with stolen MSI keys

What could be worse than a ransomware attack on your company? Only an incident that hits your company’s clients, I guess. Well, that’s exactly what happened to MSI — the large Taiwanese manufacturer of laptops, video adapters and motherboards. In the beginning of April, word got out that the company was attacked by a new […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2023
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT