Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Cisco
  • Asr 9000v
  • Asr 9001
  • Asr 9006
  • Asr 9010
  • Asr 9901
  • Asr 9903
  • Asr 9904
  • Asr 9906
  • Asr 9910
  • Asr 9912
  • Asr 9922
  • Crs
  • Crs-1 16-slot Line Card Chassis
  • Crs-1 16-slot Single-shelf System
  • Crs-1 4-slot Single-shelf System
  • Crs-1 8-slot Line Card Chassis
  • Crs-1 8-slot Single-shelf System
  • Crs-1 Fabric Card Chassis
  • Crs-1 Line Card Chassis \(dual\)
  • Crs-1 Line Card Chassis \(multi\)
  • Crs-1 Multishelf System
  • Crs-3 16-slot Single-shelf System
  • Crs-3 4-slot Single-shelf System
  • Crs-3 8-slot Single-shelf System
  • Crs-3 Multishelf System
  • Crs-8\/s-b Crs
  • Crs-8\/scrs
  • Crs-x
  • Crs-x 16-slot Single-shelf System
  • Crs-x Multishelf System
  • Crs Performance Route Processor
  • Ios Xr
  • Ncs 5001
  • Ncs 5002
  • Ncs 5011
  • Ncs 520
  • Ncs 540
  • Ncs 5501
  • Ncs 5502
  • Ncs 5508
  • Ncs 5516
  • Ncs 560
  • Ncs 6008

Configuration 1 [-]

AND
OR cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.4.3:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_16-slot_line_card_chassis:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_16-slot_single-shelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_4-slot_single-shelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_8-slot_line_card_chassis:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_8-slot_single-shelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_fabric_card_chassis:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_line_card_chassis_\(dual\):-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_line_card_chassis_\(multi\):-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-1_multishelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-3_16-slot_single-shelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-3_4-slot_single-shelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-3_8-slot_single-shelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-3_multishelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-8\/s-b_crs:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-8\/scrs:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-x_16-slot_single-shelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs-x_multishelf_system:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:crs_performance_route_processor:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz cve-icon cve-icon
History

Fri, 08 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-08T16:09:50.094Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3569

cve-icon Vulnrichment

Updated: 2024-08-04T07:37:55.472Z

cve-icon NVD

Status : Analyzed

Published: 2020-09-23T01:15:15.503

Modified: 2025-02-24T15:39:08.970

Link: CVE-2020-3569

cve-icon Redhat

No data.