Cisco IOS XR Software – Security Vulnerability

Home/Security Update/Cisco IOS XR Software – Security Vulnerability

Cisco IOS XR Software – Security Vulnerability

Short Summary

Multiple vulnerabilities were found in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. The vulnerabilities are caused due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An unauthenticated remote attacker can exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. Successful exploitation can enable an attacker to cause memory exhaustion, resulting in instability of other processes.

Vulnerability Identifier: 

CVE-2020-3566, CVE-2020-3569

Vulnerability Problem Type: 

Design problem

Credibility Level: 

Vendor report



Vulnerable Platforms:

Cisco IOS XR Software

Base Metrics : 


Vulnerability Impact: 

Denial of Service

Exploit Available: 


Attack Vector: 


Fix Available: 


Defense Strategies: 

Network and Communication


Please see the reference section.

Advisory Vendor: 


Reference Title: 

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities

Reference Author: 


Network Ports: 

80, 443

Reference URL:

By | 2020-09-01T11:02:33+05:30 September 1st, 2020|Security Update|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!