CVE-2020-3566, CVE-2020-3569: Zero-Day Vulnerabilities in Cisco IOS XR Software Targeted in the Wild

On August 29, 2020, Cisco published an advisory regarding a zero-day denial-of-service (DoS) vulnerability in its Cisco IOS XR Software. This advisory was released in response to the Cisco Product Security Incident Response Team (PSIRT) becoming “aware of attempted exploitation of these vulnerabilities in the wild” on August 28. Cisco updated its original advisory on August 31 to reflect an additional vulnerability in the IOS XR Software and include another CVE. The Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert on August 31 regarding the attempted exploits in the wild, recommending that organizations apply mitigations or patches when available.

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.