Heads up! Staying Alert! 1st Sep, 2020.

Preface: IP multicast is commonly used today to deliver stock quotes from stock exchanges to financial service providers and then to the stock analysts or brokerages.

Background: The multicast addresses are in the range 224.0.0.0 through 239.255.255.255. Multicast traffic is blocked in the Layer-3 mode by default or by blocking PIM and IGMP under the security rule. The most important multicast routing protocol for the Internet today is PIM sparse mode, defined in RFC 2362.

Vulnerability details:Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software. This design weakness due to insufficient queue management for IGMP packets. As a result attacker could exploit this vulnerability by sending craft IGMP traffic to the vulnerable device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Perhaps the drawings can provide an overview for reference.

Official announcement: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz

Remark: IOS XR is a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS), used on their high-end Network Converging System (NCS), carrier-grade routers such as the CRS series, 12000 series, and ASR9000 series.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.