A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 13 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-13T18:00:09.880Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3508

cve-icon Vulnrichment

Updated: 2024-08-04T07:37:54.688Z

cve-icon NVD

Status : Modified

Published: 2020-09-24T18:15:20.963

Modified: 2024-11-21T05:31:12.983

Link: CVE-2020-3508

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.