CVE-2020-3566
Description
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco ASR 9000 Series Aggregation Services Routers | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 6000 Series Routers | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 4000 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco IOS XRv 9000 Router | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 5000 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 5500 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 1000 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 500 Series Routers | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco 8000 Series Routers | NCM |
| Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-3566) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705564 | Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE |
| PATCH-1705630 | Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4 |
| PATCH-1705272 | Security Update for Cisco Network Convergence System 4000 Series 7.2.2 |
| PATCH-1705219 | Security Update for Cisco IOS XRv 9000 Router 7.1.2.1i.BASE |
| PATCH-1706021 | Security Update for Cisco Network Convergence System 5000 Series 6.2.1.21i.BASE |
| PATCH-1705220 | Security Update for Cisco Network Convergence System 5500 Series 7.1.2.1i.BASE |
| PATCH-1705124 | Security Update for Cisco Network Convergence System 1000 Series 7.2.1.9i.ROUT |
| PATCH-1705229 | Security Update for Cisco Network Convergence System 500 Series Routers 7.2.1.21i.BASE |
| PATCH-1705230 | Security Update for Cisco 8000 Series Routers 7.2.1.21i.BASE |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234