Cisco fixed two actively exploited and high severity memory exhaustion DoS vulnerabilities found in the IOS XR software that runs on multiple carrier-grade routers. The two security flaws exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature. Cisco has now released free Software Maintenance Upgrades (SMU) to address the two vulnerabilities. In July, Cisco fixed another actively exploited read-only path traversal vulnerability, as well as pre-auth critical remote code execution, authentication bypass, and static default credential vulnerabilities.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-actively-exploited-bugs-in-carrier-grade-routers/