CVE-2020-3569
Description
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco ASR 9000 Series Aggregation Services Routers | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 6000 Series Routers | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 4000 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco IOS XRv 9000 Router | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 5000 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 5500 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 1000 Series | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco Network Convergence System 500 Series Routers | NCM |
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities For Cisco 8000 Series Routers | NCM |
| Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-3569) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705564 | Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE |
| PATCH-1705630 | Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4 |
| PATCH-1705272 | Security Update for Cisco Network Convergence System 4000 Series 7.2.2 |
| PATCH-1705219 | Security Update for Cisco IOS XRv 9000 Router 7.1.2.1i.BASE |
| PATCH-1706021 | Security Update for Cisco Network Convergence System 5000 Series 6.2.1.21i.BASE |
| PATCH-1705220 | Security Update for Cisco Network Convergence System 5500 Series 7.1.2.1i.BASE |
| PATCH-1705124 | Security Update for Cisco Network Convergence System 1000 Series 7.2.1.9i.ROUT |
| PATCH-1705229 | Security Update for Cisco Network Convergence System 500 Series Routers 7.2.1.21i.BASE |
| PATCH-1705230 | Security Update for Cisco 8000 Series Routers 7.2.1.21i.BASE |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234