Cisco Addresses Actively Targeted Vulnerabilities in IOS XR Software

On September 29, Cisco updated their original advisory for CVE-2020-3566 and CVE-2020-3569. The advisory notes that they’ve released Software Maintenance Upgrades (SMUs) to address both of the actively targeted denial-of-service (DoS) vulnerabilities for Cisco IOS XR versions. For more details about the patches, please review the Fixed Releases section in Cisco’s advisory.

Cisco first released their advisory on August 29, 2020, in response to the Cisco Product Security Incident Response Team (PSIRT) becoming “aware of attempted exploitation of these vulnerabilities in the wild” on August 28. Cisco updated its original advisory on August 31 to reflect an additional vulnerability in the IOS XR Software and include another CVE. The Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert on August 31 regarding the attempted exploits in the wild, recommending that organizations apply mitigations or patches when available.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.