Cisco confirms two zero-day flaws in its operating system that runs carrier-grade routers. The flaws exist in the distance vector multicast routing protocol, or DVMRP. An unauthenticated, remote attacker could exhaust the process memory of a device by sending crafted packets to a device, Cisco says. Cisco says it spotted in-the-wild attacks on Friday while working to resolve a customer problem. No patches are yet ready, but Cisco has described workarounds administrators can put in place to mitigate attempts to exploit the flaws.”]
Source: https://www.cuinfosecurity.com/cisco-alert-hackers-targeting-zero-day-flaws-in-ios-xr-a-14925