Resource exhaustion in Cisco IOS XR - CVE-2020-3569
Published: September 2, 2020
Vulnerability identifier: #VU46200
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2020-3569
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Cisco IOS XR
Cisco IOS XR
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP traffic to the affected device and perform a denial of service (DoS) attack.
Note: this vulnerability is being actively exploited in the wild.Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.