Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit



Written by

Unidentified hackers are trying to exploit critical vulnerabilities in router software made by Cisco while the networking giant scrambles to address the issues.

The bugs, which Cisco revealed Saturday, could allow an attacker to remotely deny service to a device running the software or exhaust the memory on the device. That, in turn, could destabilize “interior and exterior routing protocols” on an affected network, Cisco said in an advisory.

It’s unclear when a patch will be ready; “as soon as possible” is all a Cisco spokesperson would say. The company made recommendations for mitigating the vulnerability until a patch is available.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency encouraged users to check for “indicators of compromise’ or signs of malicious cyber activity.

It’s unclear who is attempting to exploit the vulnerability. With the advisory out, cybersecurity incident responders will be watching for any additional hacking.

Justin Elze, a principal security consultant at security company TrustedSec, pointed out that in order for the vulnerability to be exploited, a protocol known as IGMP needs to be enabled. That protocol is less common in enterprise networks and tends to be used by cable TV networks to do video streaming, he said.

It has already been a busy year for critical vulnerabilities in popular software that hackers exploit before a patch is available. In January, virtual private network provider Citrix released a fix for a critical vulnerability that hackers had already been exploiting.

-In this Story-

Cisco, Cybersecurity and Infrastructure Security Agency (CISA), exploits, remote attack, routers, vulnerability disclosure