Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software

Original release date: August 31, 2020

Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and take the following actions.

  • Implement the recommended mitigations.
  • Search for indicators of compromise.
  • Apply the necessary update, when available.

This product is provided subject to this Notification and this Privacy & Use policy.

National Insider Threat Awareness Month

Original release date: August 31, 2020 | Last revised: September 1, 2020

September is National Insider Threat Awareness Month (NIATM), which is a collaborative effort between the National Counterintelligence and Security Center (NCSC), National Insider Threat Task Force (NITTF), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), Department of Homeland Security (DHS), and Defense Counterintelligence and Security Agency (DCSA) to emphasize the importance of detecting, deterring, and reporting insider threats.
 
NITAM 2020 will focus on “Resilience” by promoting personal and organizational resilience to mitigate risks posed by insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to read NCSC’s NITAM 2020 endorsement and explore the following resources to learn how to protect against insider threats:

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates

Original release date: August 27, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: August 26, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.