Cisco IOS XR Software – Security Vulnerability


Short Summary

Multiple vulnerabilities were found in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. The vulnerabilities are caused by insufficient queue management for Internet Group Management Protocol (IGMP) packets. An unauthenticated remote attacker can exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. Successful exploitation can allow the attacker to cause memory exhaustion, resulting in instability of other processes.

Vulnerability Identifier: 

CVE-2020-3566, CVE-2020-3569

Vulnerability Problem Type: 

Design problem

Credibility Level: 

Vendor report

Author: 

Cisco

Vulnerable Platforms:

Cisco IOS XR Software

Base Metrics:

AV:N/AC:L/AU:N/C:N/I:N/A:C

Vulnerability Impact: 

Denial of Service

Exploit Available: 

No

Attack Vector: 

Network

Fix Available: 

No

Defense Strategies: 

Network and Communication

Solution: 

Please see the reference section.

Advisory Vendor: 

Cisco

Reference Title: 

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Reference Author: 

Cisco

Network Ports: 

80, 443

Reference URL: 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz

Published: September 1st, 2020 (2020-09-01T11:02:33+00:00) | Security Update

About the Author:

FirstHackersNews - Identifies Security