CVE-2020-3508: Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability
First published: Thu Sep 24 2020(Updated: )
A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Web UI | =16.3.1 | |
| Cisco IOS XE Web UI | =16.6.5 | |
| Cisco IOS XE Web UI | =16.7\(1\) | |
| Cisco IOS XE Web UI | =17.1.1 | |
| Cisco Nexus 1000V for VMware vSphere | ||
| Cisco 4321/k9 Integrated Services Router | ||
| Cisco 4331/k9-rf Integrated Services Router | ||
| Cisco 4351/k9-rf Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco ASR 1000 Series | ||
| Cisco ASR 1001 | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1002 Fixed Router | ||
| Cisco ASR 1002-X | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-24PD-S | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-24PS-E | ||
| Cisco Catalyst 3650-24PS-L | ||
| Cisco Catalyst 3650-24PS | ||
| Cisco Catalyst 3650-24TD-E | ||
| Cisco Catalyst 3650-24TD-L | ||
| Cisco Catalyst 3650-24TD Switch | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-24TS-L | ||
| Cisco Catalyst 3650-24TS-S | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48FQ-E | ||
| Cisco Catalyst 3650-48FQ-L | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48FQM Switch | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48FQM Switch | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
| Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
| Cisco Catalyst 3650-48PD-E | ||
| Cisco Catalyst 3650-48PD | ||
| Cisco Catalyst 3650-48PD-S | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48PQ-L | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48PS-L | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 Series | ||
| Cisco Catalyst 3650-48TQ-S | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 Series | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 9300-24s-e Firmware | ||
| Cisco Catalyst 3850-24S-S | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-24T-L | ||
| Cisco Catalyst 3850-24T-S | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-48F-E | ||
| Cisco Catalyst 3850-48F-L | ||
| Cisco Catalyst 3850-48F-S | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-48P-S | ||
| Cisco Catalyst 3850-48T-E | ||
| Cisco Catalyst 3850-48T-L | ||
| Cisco Catalyst 3850 Series | ||
| Cisco Catalyst 3850-48U-E | ||
| Cisco Catalyst 3850-48U | ||
| Cisco Catalyst 3850-48U | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-48XS | ||
| Cisco Catalyst 3850-48XS | ||
| Cisco Catalyst 3850-48XS-S | ||
| Cisco Catalyst 3850-12X48U-E | ||
| Cisco Catalyst 3850-12X48U-L | ||
| Cisco Catalyst 3850-12X48U-S | ||
| Cisco IOS XE Web UI | =16.9.1 | |
| Cisco IOS XE Web UI | =17.4.1 | |
| Cisco 1100-4g/6g Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1109-4p Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1111x-8p | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 4321/k9-rf Integrated Services Router | ||
| Cisco 4321/k9-ws Integrated Services Router | ||
| Cisco 4321 Integrated Services Router | ||
| Cisco 4331/k9-rf Integrated Services Router | ||
| Cisco 4331/k9-ws Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4351/k9-rf Integrated Services Router | ||
| Cisco 4351/k9 Integrated Services Router | ||
| Cisco 4351/k9 Integrated Services Router | ||
| Cisco 4441 Integrated Services Router | ||
| Cisco ASR 1000 series software | ||
| Cisco ASR 1001 | ||
| Cisco ASR 1002 Fixed Router | ||
| Cisco ASR 1004 | ||
| Cisco ASR 1006 | ||
| Cisco ASR 1013 | ||
| Cisco ASR 1023 Router | ||
| Cisco Cloud Services Router 1000V |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-3508?
CVE-2020-3508 has been rated as high severity due to its potential to allow unauthenticated attackers to disrupt device operations.
How do I fix CVE-2020-3508?
To fix CVE-2020-3508, you should upgrade your Cisco IOS XE software to the latest version that has addressed this vulnerability.
Which Cisco IOS XE versions are affected by CVE-2020-3508?
CVE-2020-3508 affects Cisco IOS XE versions 16.3.1, 16.6.5, 16.7(1), 17.1.1, 16.9.1, and 17.4.1.
What type of devices are vulnerable to CVE-2020-3508?
CVE-2020-3508 affects Cisco ASR 1000 Series routers with the 20-Gbps Embedded Services Processor.
Can CVE-2020-3508 be exploited remotely?
No, CVE-2020-3508 requires an unauthenticated, adjacent attacker to exploit the vulnerability.
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe web ui
- version/cisco ios xe web ui/16.3.1
- version/cisco ios xe web ui/16.6.5
- version/cisco ios xe web ui/16.7\(1\)
- version/cisco ios xe web ui/17.1.1
- canonical/cisco nexus 1000v for vmware vsphere
- canonical/cisco 4321/k9 integrated services router
- canonical/cisco 4331/k9-rf integrated services router
- canonical/cisco 4351/k9-rf integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco asr 1000 series
- canonical/cisco asr 1001
- canonical/cisco asr 1001-x
- canonical/cisco asr 1002 fixed router
- canonical/cisco asr 1002-x
- canonical/cisco catalyst 3650
- canonical/cisco catalyst 3650-24pd-s
- canonical/cisco catalyst 3650-24ps-e
- canonical/cisco catalyst 3650-24ps-l
- canonical/cisco catalyst 3650-24ps
- canonical/cisco catalyst 3650-24td-e
- canonical/cisco catalyst 3650-24td-l
- canonical/cisco catalyst 3650-24td switch
- canonical/cisco catalyst 3650-24ts-l
- canonical/cisco catalyst 3650-24ts-s
- canonical/cisco catalyst 3650-48fq-e
- canonical/cisco catalyst 3650-48fq-l
- canonical/cisco catalyst 3650-48fqm switch
- canonical/cisco catalyst 3650 series switch
- canonical/cisco catalyst 3650 series switch ws-c3650-48fs
- canonical/cisco catalyst 3650-48pd-e
- canonical/cisco catalyst 3650-48pd
- canonical/cisco catalyst 3650-48pd-s
- canonical/cisco catalyst 3650-48pq-l
- canonical/cisco catalyst 3650-48ps-l
- canonical/cisco catalyst 3650 series
- canonical/cisco catalyst 3650-48tq-s
- canonical/cisco catalyst 3650-48ts switch
- canonical/cisco catalyst 3850
- canonical/cisco catalyst 3850 series
- canonical/cisco catalyst 9300-24s-e firmware
- canonical/cisco catalyst 3850-24s-s
- canonical/cisco catalyst 3850-24t-l
- canonical/cisco catalyst 3850-24t-s
- canonical/cisco catalyst 3850-24xu
- canonical/cisco catalyst 3850-48f-e
- canonical/cisco catalyst 3850-48f-l
- canonical/cisco catalyst 3850-48f-s
- canonical/cisco catalyst 3850-48p-s
- canonical/cisco catalyst 3850-48t-e
- canonical/cisco catalyst 3850-48t-l
- canonical/cisco catalyst 3850-48u-e
- canonical/cisco catalyst 3850-48u
- canonical/cisco catalyst 3850-48xs
- canonical/cisco catalyst 3850-48xs-s
- canonical/cisco catalyst 3850-12x48u-e
- canonical/cisco catalyst 3850-12x48u-l
- canonical/cisco catalyst 3850-12x48u-s
- version/cisco ios xe web ui/16.9.1
- version/cisco ios xe web ui/17.4.1
- canonical/cisco 1100-4g/6g integrated services router
- canonical/cisco 1100 integrated services router
- canonical/cisco 1109-4p integrated services router
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 1111x-8p
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 4321/k9-rf integrated services router
- canonical/cisco 4321/k9-ws integrated services router
- canonical/cisco 4321 integrated services router
- canonical/cisco 4331/k9-ws integrated services router
- canonical/cisco 4331 integrated services router
- canonical/cisco 4351/k9 integrated services router
- canonical/cisco 4441 integrated services router
- canonical/cisco asr 1000 series software
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1013
- canonical/cisco asr 1023 router
- canonical/cisco cloud services router 1000v