Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3566

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.

Published

2020-08-29T16:15:09.797

Last Modified

2025-10-28T13:53:58.107

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Secondary
    CWE-400
  • Type: Primary
    CWE-770
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios_xr 6.4.2 Yes
Hardware cisco asr_9001 - No
Hardware cisco asr_9006 - No
Hardware cisco asr_9010 - No
Hardware cisco asr_9901 - No
Hardware cisco asr_9904 - No
Hardware cisco asr_9906 - No
Hardware cisco asr_9910 - No
Hardware cisco asr_9912 - No
Hardware cisco asr_9922 - No
References