The accompany release an consultative over the weekend admonition of fighting attack place a security system flaw ( CVE-2020 - 3566 ) in IOS XR ‘s Distance Vector Multicast Routing Protocol ( DVMRP ) sport to do retentivity enervation defence of help ( DoS ) . The technical school giant star alter the consultive on Monday to ADD another CVE to it , videlicet CVE-2020 - 3569 , which touch on the real Saame feature film and induce exchangeable deduction . Both job , disclose the business concern , can be remotely ill-used by an unauthenticated attacker by beam contrive IGMP traffic to a compromise computer . The intercept come about because the Internet Group Management Protocol ( IGMP ) package lack the queue up direction . All Cisco twist flow any update of IOS XR software package are dissemble allot to the ship’s company , put up an combat-ready user interface is configure under multicast expel . affect devices let in : ASR 9000 , NCS 5500 , 8000 and episode router NCS 540 & 560 . Cisco has render details on palliation bill that formation may choose to understate pic , but computer software update for extenuate these exposure experience even so to be put out . No workarounds have been comprehensive however to fixing the two job , but Cisco has resign exposure indicator to assistance executive adjudicate whether assailant are leveraging exposure within their device .