SB2020082902 - Denial of service in Cisco IOS XR Software

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020082902

SB2020082902 - Denial of service in Cisco IOS XR Software

Published: August 29, 2020 Updated: September 2, 2020

Security Bulletin ID SB2020082902
Severity
High
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2020-3566)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP  traffic to the affected device and perform a denial of service (DoS) attack.

Note: this vulnerability is being actively exploited in the wild.


2) Resource exhaustion (CVE-ID: CVE-2020-3569)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP  traffic to the affected device and perform a denial of service (DoS) attack.

Note: this vulnerability is being actively exploited in the wild.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References