CVE-2020-3566: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
First published: Sat Aug 29 2020(Updated: )
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XR | =6.4.2 | |
| Cisco Asr 9001 | ||
| Cisco Asr 9006 | ||
| Cisco Asr 9010 | ||
| Cisco Asr 9901 | ||
| Cisco Asr 9904 | ||
| Cisco Asr 9906 | ||
| Cisco Asr 9910 | ||
| Cisco Asr 9912 | ||
| Cisco Asr 9922 | ||
| Cisco IOS XR | ||
| All of | ||
| Cisco IOS XR | =6.4.2 | |
| Any of | ||
| Cisco Asr 9001 | ||
| Cisco Asr 9006 | ||
| Cisco Asr 9010 | ||
| Cisco Asr 9901 | ||
| Cisco Asr 9904 | ||
| Cisco Asr 9906 | ||
| Cisco Asr 9910 | ||
| Cisco Asr 9912 | ||
| Cisco Asr 9922 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3566?
CVE-2020-3566 is a vulnerability in Cisco IOS XR Software that could allow an unauthenticated, remote attacker to exhaust process memory of an affected device.
How does CVE-2020-3566 affect Cisco IOS XR?
CVE-2020-3566 affects Cisco IOS XR Software and can cause an exhaustion of process memory on the affected device.
What is the severity of CVE-2020-3566?
CVE-2020-3566 has a severity rating of 7.5 (high).
Which products are affected by CVE-2020-3566?
The Cisco IOS XR version 6.4.2 is affected by CVE-2020-3566.
How can I fix CVE-2020-3566?
To fix CVE-2020-3566, Cisco recommends updating to a fixed software release.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- agent/title
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- collector/nvd-cve
- vendor/cisco
- canonical/cisco ios xr
- version/cisco ios xr/6.4.2
- canonical/cisco asr 9001
- canonical/cisco asr 9006
- canonical/cisco asr 9010
- canonical/cisco asr 9901
- canonical/cisco asr 9904
- canonical/cisco asr 9906
- canonical/cisco asr 9910
- canonical/cisco asr 9912
- canonical/cisco asr 9922