CVE-2020-3569

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.

Múltiples vulnerabilidades en la funcionalidad Distance Vector Multicast Routing Protocol (DVMRP) del Cisco IOS XR Software, podrían permitir a un atacante remoto no autenticado bloquear inmediatamente el Internet Group Management Protocol (IGMP) o lo haga consumir la memoria disponible y finalmente bloquearlo. El consumo de memoria puede afectar negativamente a otros procesos que son ejecutados en el dispositivo. Estas vulnerabilidades son debido al manejo incorrecto de paquetes IGMP. Un atacante podría explotar estas vulnerabilidades mediante el envío de un tráfico IGMP diseñado hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante bloquear inmediatamente el proceso IGMP o causar el agotamiento de la memoria, resultando en que otros procesos se vuelvan inestables. Estos procesos pueden incluir, pero no se limitan a, protocolos de enrutamiento interior y exterior. Cisco emitirá actualizaciones de software que abordan estas vulnerabilidades

Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2019-12-12 CVE Reserved
2020-09-23 CVE Published
2021-11-03 Exploited in Wild
2022-05-03 KEV Due Date
2024-07-26 EPSS Updated
2024-11-08 CVE Updated
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	8201 Search vendor "Cisco" for product "8201"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	8202 Search vendor "Cisco" for product "8202"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	8808 Search vendor "Cisco" for product "8808"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	8812 Search vendor "Cisco" for product "8812"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	8818 Search vendor "Cisco" for product "8818"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9000v Search vendor "Cisco" for product "Asr 9000v"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9001 Search vendor "Cisco" for product "Asr 9001"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9006 Search vendor "Cisco" for product "Asr 9006"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9010 Search vendor "Cisco" for product "Asr 9010"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9901 Search vendor "Cisco" for product "Asr 9901"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9903 Search vendor "Cisco" for product "Asr 9903"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9904 Search vendor "Cisco" for product "Asr 9904"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9906 Search vendor "Cisco" for product "Asr 9906"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9910 Search vendor "Cisco" for product "Asr 9910"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9912 Search vendor "Cisco" for product "Asr 9912"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Asr 9922 Search vendor "Cisco" for product "Asr 9922"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ios Xrv 9000 Router Search vendor "Cisco" for product "Ios Xrv 9000 Router"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5001 Search vendor "Cisco" for product "Ncs 5001"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5002 Search vendor "Cisco" for product "Ncs 5002"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5011 Search vendor "Cisco" for product "Ncs 5011"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 520 Search vendor "Cisco" for product "Ncs 520"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 540 Search vendor "Cisco" for product "Ncs 540"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5501 Search vendor "Cisco" for product "Ncs 5501"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5501 Search vendor "Cisco" for product "Ncs 5501"	se Search vendor "Cisco" for product "Ncs 5501" and version "se"	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5502 Search vendor "Cisco" for product "Ncs 5502"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5502 Search vendor "Cisco" for product "Ncs 5502"	se Search vendor "Cisco" for product "Ncs 5502" and version "se"	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5508 Search vendor "Cisco" for product "Ncs 5508"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 5516 Search vendor "Cisco" for product "Ncs 5516"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 560 Search vendor "Cisco" for product "Ncs 560"	-	-	Safe
Cisco Search vendor "Cisco"	Ios Xr Search vendor "Cisco" for product "Ios Xr"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ncs 6008 Search vendor "Cisco" for product "Ncs 6008"	-	-	Safe