Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit

It's been a busy year for critical bugs in popular software that hackers exploit before a patch is available.
Cisco at the Gartner Security & Risk Management Summit 2019

Unidentified hackers are trying to exploit critical vulnerabilities in router software made by Cisco while the networking giant scrambles to address the issues.

The bugs, which Cisco revealed Saturday, could allow an attacker to remotely deny service to a device running the software or exhaust the memory on the device. That, in turn, could destabilize “interior and exterior routing protocols” on an affected network, Cisco said in an advisory.

It’s unclear when a patch will be ready; “as soon as possible” is all a Cisco spokesperson would say. The company made recommendations for mitigating the vulnerability until a patch is available.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency encouraged users to check for “indicators of compromise’ or signs of malicious cyber activity.


It’s unclear who is attempting to exploit the vulnerability. With the advisory out, cybersecurity incident responders will be watching for any additional hacking.

Justin Elze, a principal security consultant at security company TrustedSec, pointed out that in order for the vulnerability to be exploited, a protocol known as IGMP needs to be enabled. That protocol is less common in enterprise networks and tends to be used by cable TV networks to do video streaming, he said.

It has already been a busy year for critical vulnerabilities in popular software that hackers exploit before a patch is available. In January, virtual private network provider Citrix released a fix for a critical vulnerability that hackers had already been exploiting.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts