A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit.

Cisco plans to release software updates to plug these security holes, but in the meantime administrators are advised to implement one or all of the provided mitigations.

About the vulnerabilities

The two zero-day flaws – CVE-2020-3566 and CVE-2020-3569 – affect the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software, running on Cisco enterprise-grade routers for service providers, data centers, enterprises, and critical infrastructure.