All the vulnerabilites related to cisco - crs_performance_route_processor
Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 05:31
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfzVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfzVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr 6.1.4
cisco ios_xr 6.2.3
cisco ios_xr 6.3.3
cisco ios_xr 6.4.2
cisco ios_xr 6.5.3
cisco ios_xr 6.6.2
cisco ios_xr 6.6.3
cisco ios_xr 7.0.2
cisco ios_xr 7.1.2
cisco ios_xr 7.1.15
cisco asr_9000v -
cisco asr_9001 -
cisco asr_9006 -
cisco asr_9010 -
cisco asr_9901 -
cisco asr_9903 -
cisco asr_9904 -
cisco asr_9906 -
cisco asr_9910 -
cisco asr_9912 -
cisco asr_9922 -
cisco ncs_5001 -
cisco ncs_5002 -
cisco ncs_5011 -
cisco ncs_520 -
cisco ncs_540 -
cisco ncs_5501 -
cisco ncs_5501 se
cisco ncs_5502 -
cisco ncs_5502 se
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_560 -
cisco ncs_6008 -
cisco ios_xr *
cisco ncs_5001 -
cisco ncs_5002 -
cisco ncs_5011 -
cisco ncs_520 -
cisco ncs_540 -
cisco ncs_5501 -
cisco ncs_5501 se
cisco ncs_5502 -
cisco ncs_5502 se
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_560 -
cisco ncs_6008 -
cisco ios_xr 6.1.4
cisco ios_xr 6.4.2
cisco ios_xr 6.4.3
cisco crs -
cisco crs-1_16-slot_line_card_chassis -
cisco crs-1_16-slot_single-shelf_system -
cisco crs-1_4-slot_single-shelf_system -
cisco crs-1_8-slot_line_card_chassis -
cisco crs-1_8-slot_single-shelf_system -
cisco crs-1_fabric_card_chassis -
cisco crs-1_line_card_chassis_\(dual\) -
cisco crs-1_line_card_chassis_\(multi\) -
cisco crs-1_multishelf_system -
cisco crs-3_16-slot_single-shelf_system -
cisco crs-3_4-slot_single-shelf_system -
cisco crs-3_8-slot_single-shelf_system -
cisco crs-3_multishelf_system -
cisco crs-8\/s-b_crs -
cisco crs-8\/scrs -
cisco crs-x -
cisco crs-x_16-slot_single-shelf_system -
cisco crs-x_multishelf_system -
cisco crs_performance_route_processor -


To clipboard 

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "47F3F8E3-D93B-4BAB-8643-AFBFC36940AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "48928FFF-871C-4C07-8352-8C802FAD8F53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FE69B4-DF27-46F1-8037-4B8D1F229C6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "603980FE-9865-4A71-A37C-A90B7F3B72D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CED75685-A63C-4550-9820-769058BEF572",
              "versionEndExcluding": "6.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FE69B4-DF27-46F1-8037-4B8D1F229C6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "603980FE-9865-4A71-A37C-A90B7F3B72D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:6.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4132A8AA-008B-49DA-AA5C-EB39CC65A2E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_16-slot_line_card_chassis:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5D5476-202C-476C-BC43-C0A963C99079",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_16-slot_single-shelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F7E3D1-B738-4B69-AB38-3A273F454B9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_4-slot_single-shelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2039DB3-F6BA-434D-A395-41DF7B641E4D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_8-slot_line_card_chassis:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C078ABAD-0E35-481F-8096-FDD40451A318",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_8-slot_single-shelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A8B9BF-E548-4CD9-AEC0-7030B89C4A32",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_fabric_card_chassis:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "941333EC-86D4-43AC-BD9A-D286B2276C95",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_line_card_chassis_\\(dual\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD07CEAB-98E4-4FEE-BFA4-ADA520F7A61F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_line_card_chassis_\\(multi\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE33AF1E-5E5C-43A1-B2E3-28E823C47E99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-1_multishelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBA0BE4-ED73-4B8C-BE53-5A2AB76981D0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-3_16-slot_single-shelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76F8EEEF-085A-49A5-A50E-24922B300F75",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-3_4-slot_single-shelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "10698948-E6E0-4C9B-9CB9-3626E4076336",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-3_8-slot_single-shelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40EF0D7E-FB4E-433A-A983-34E44E790542",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-3_multishelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15448B60-0A19-477C-A08A-17578CF7C92C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-8\\/s-b_crs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31F6ED1-B20E-44CA-A74B-9D767EDF045F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-8\\/scrs:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDEC7F0-D4D5-45F0-89A4-49C596318C01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F5E007-0CB6-424C-9AE8-01618C8C44E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-x_16-slot_single-shelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16770F6C-539D-4B65-9C52-60F008C283D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs-x_multishelf_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F47E9F-D7BA-49B9-8070-1BC610B6AE2D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:crs_performance_route_processor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D383DA-04D7-4789-B7F7-B31FD645BA8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en la funcionalidad Distance Vector Multicast Routing Protocol (DVMRP) del Cisco IOS XR Software, podr\u00edan permitir a un atacante remoto no autenticado bloquear inmediatamente el Internet Group Management Protocol (IGMP) o lo haga consumir la memoria disponible y finalmente bloquearlo.\u0026#xa0;El consumo de memoria puede afectar negativamente a otros procesos que son ejecutados en el dispositivo.\u0026#xa0;Estas vulnerabilidades son debido al manejo incorrecto de paquetes IGMP.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de un tr\u00e1fico IGMP dise\u00f1ado hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante bloquear inmediatamente el proceso IGMP o causar el agotamiento de la memoria, resultando en que otros procesos se vuelvan inestables.\u0026#xa0;Estos procesos pueden incluir, pero no se limitan a, protocolos de enrutamiento interior y exterior. Cisco emitir\u00e1 actualizaciones de software que abordan estas vulnerabilidades"
    }
  ],
  "id": "CVE-2020-3569",
  "lastModified": "2024-11-21T05:31:20.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-23T01:15:15.503",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-05-31 10:17
Modified
2024-11-21 01:39
Severity ?
Summary
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
References
ykramarz@cisco.comhttp://secunia.com/advisories/49329
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxrVendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/53728
ykramarz@cisco.comhttp://www.securitytracker.com/id?1027104
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49329
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxrVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53728
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027104
Impacted products
Vendor Product Version
cisco ios_xr *
cisco asr_9000_rsp440_router -
cisco ios_xr 4.0.3
cisco ios_xr 4.0.4
cisco ios_xr 4.1
cisco ios_xr 4.1.1
cisco ios_xr 4.1.2
cisco ios_xr 4.2.0
cisco crs_performance_route_processor -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C513C0-97CB-4F5A-9942-5AF48742BDA9",
              "versionEndIncluding": "4.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:asr_9000_rsp440_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A580194-1B06-4D71-B618-345046DBA9C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F8B336-0DFA-41CE-9EFF-89A09BBDC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A1D1B60-C94F-44BF-8194-7758394E31C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E63681-C89F-4569-A52C-B870D48E436C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E593EF3-133A-4E15-9B86-6B451F5C0159",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB49EB2-2D99-4C45-80B7-48299A1EBF30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6ABB63-E2D2-42F7-B648-BF6002D1C05E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:crs_performance_route_processor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D383DA-04D7-4789-B7F7-B31FD645BA8F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
    },
    {
      "lang": "es",
      "value": "Cisco IOS XR anteriores a v4.2.1 en dispositivos ASR series 900 y dispositivos CRS, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (transmisi\u00f3n de paquetes cortados) a trav\u00e9s de un paquete manipulado, tambi\u00e9n conocido como Bug IDs CSCty94537 y  CSCtz62593."
    }
  ],
  "evaluatorImpact": "Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr\r\n\r\n\u0027Affected Products\r\nThis vulnerability affects IOS XR Software version 4.2.0 running on the Cisco ASR 9000 Series RSP440. It also affects IOS XR Software versions 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, and 4.2.0 running on the CRS Performance Route Processor.\u0027",
  "id": "CVE-2012-2488",
  "lastModified": "2024-11-21T01:39:08.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-31T10:17:38.763",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/49329"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/53728"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id?1027104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027104"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-2488
Vulnerability from cvelistv5
Published
2012-05-31 10:00
Modified
2024-08-06 19:34
Severity ?
Summary
Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.
References
http://secunia.com/advisories/49329third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1027104vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxrvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/53728vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.772Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "49329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49329"
          },
          {
            "name": "1027104",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027104"
          },
          {
            "name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
          },
          {
            "name": "53728",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53728"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-18T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "49329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49329"
        },
        {
          "name": "1027104",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027104"
        },
        {
          "name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
        },
        {
          "name": "53728",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53728"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-2488",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49329",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49329"
            },
            {
              "name": "1027104",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027104"
            },
            {
              "name": "20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr"
            },
            {
              "name": "53728",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53728"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-2488",
    "datePublished": "2012-05-31T10:00:00",
    "dateReserved": "2012-05-07T00:00:00",
    "dateUpdated": "2024-08-06T19:34:25.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3569
Vulnerability from cvelistv5
Published
2020-09-23 00:25
Modified
2024-11-08 16:09
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfzvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:55.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200829 Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3569",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T16:08:35.328890Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3569"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T16:09:50.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-08-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of these vulnerabilities in the wild. For affected products, Cisco recommends implementing a mitigation that is appropriate for the customer\u2019s environment."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-23T00:25:17",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200829 Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz",
        "defect": [
          [
            "CSCvr86414",
            "CSCvv54838"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-08-29T03:00:00",
          "ID": "CVE-2020-3569",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XR Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of these vulnerabilities in the wild. For affected products, Cisco recommends implementing a mitigation that is appropriate for the customer\u2019s environment."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200829 Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz",
          "defect": [
            [
              "CSCvr86414",
              "CSCvv54838"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3569",
    "datePublished": "2020-09-23T00:25:17.287176Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-08T16:09:50.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}