CVE-2020-3569
Summary
| CVE | CVE-2020-3569 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-23 01:15:00 UTC |
| Updated | 2023-11-07 03:22:00 UTC |
| Description | Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities. |
Risk And Classification
EPSS: 0.047110000 probability, percentile 0.893300000 (date 2026-04-01)
CISA KEV: Listed on 2021-11-03; due 2022-05-03; ransomware use Unknown
Problem Types: CWE-770
CISA Known Exploited Vulnerability
| Vendor | Cisco |
|---|---|
| Product | IOS XR |
| Name | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2020-3569 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | 8201 | - | All | All | All |
| Hardware | Cisco | 8201 | - | All | All | All |
| Hardware | Cisco | 8202 | - | All | All | All |
| Hardware | Cisco | 8202 | - | All | All | All |
| Hardware | Cisco | 8808 | - | All | All | All |
| Hardware | Cisco | 8808 | - | All | All | All |
| Hardware | Cisco | 8812 | - | All | All | All |
| Hardware | Cisco | 8812 | - | All | All | All |
| Hardware | Cisco | 8818 | - | All | All | All |
| Hardware | Cisco | 8818 | - | All | All | All |
| Hardware | Cisco | Asr 9000v | - | All | All | All |
| Hardware | Cisco | Asr 9000v | - | All | All | All |
| Hardware | Cisco | Asr 9001 | - | All | All | All |
| Hardware | Cisco | Asr 9001 | - | All | All | All |
| Hardware | Cisco | Asr 9006 | - | All | All | All |
| Hardware | Cisco | Asr 9006 | - | All | All | All |
| Hardware | Cisco | Asr 9010 | - | All | All | All |
| Hardware | Cisco | Asr 9010 | - | All | All | All |
| Hardware | Cisco | Asr 9901 | - | All | All | All |
| Hardware | Cisco | Asr 9901 | - | All | All | All |
| Hardware | Cisco | Asr 9903 | - | All | All | All |
| Hardware | Cisco | Asr 9903 | - | All | All | All |
| Hardware | Cisco | Asr 9904 | - | All | All | All |
| Hardware | Cisco | Asr 9904 | - | All | All | All |
| Hardware | Cisco | Asr 9906 | - | All | All | All |
| Hardware | Cisco | Asr 9906 | - | All | All | All |
| Hardware | Cisco | Asr 9910 | - | All | All | All |
| Hardware | Cisco | Asr 9910 | - | All | All | All |
| Hardware | Cisco | Asr 9912 | - | All | All | All |
| Hardware | Cisco | Asr 9912 | - | All | All | All |
| Hardware | Cisco | Asr 9922 | - | All | All | All |
| Hardware | Cisco | Asr 9922 | - | All | All | All |
| Operating System | Cisco | Ios Xr | - | All | All | All |
| Operating System | Cisco | Ios Xr | - | All | All | All |
| Hardware | Cisco | Ios Xrv 9000 Router | - | All | All | All |
| Hardware | Cisco | Ios Xrv 9000 Router | - | All | All | All |
| Hardware | Cisco | Ncs 5001 | - | All | All | All |
| Hardware | Cisco | Ncs 5001 | - | All | All | All |
| Hardware | Cisco | Ncs 5002 | - | All | All | All |
| Hardware | Cisco | Ncs 5002 | - | All | All | All |
| Hardware | Cisco | Ncs 5011 | - | All | All | All |
| Hardware | Cisco | Ncs 5011 | - | All | All | All |
| Hardware | Cisco | Ncs 520 | - | All | All | All |
| Hardware | Cisco | Ncs 520 | - | All | All | All |
| Hardware | Cisco | Ncs 540 | - | All | All | All |
| Hardware | Cisco | Ncs 540 | - | All | All | All |
| Hardware | Cisco | Ncs 5501 | - | All | All | All |
| Hardware | Cisco | Ncs 5501 | se | All | All | All |
| Hardware | Cisco | Ncs 5501 | - | All | All | All |
| Hardware | Cisco | Ncs 5501 | se | All | All | All |
| Hardware | Cisco | Ncs 5502 | - | All | All | All |
| Hardware | Cisco | Ncs 5502 | se | All | All | All |
| Hardware | Cisco | Ncs 5502 | - | All | All | All |
| Hardware | Cisco | Ncs 5502 | se | All | All | All |
| Hardware | Cisco | Ncs 5508 | - | All | All | All |
| Hardware | Cisco | Ncs 5508 | - | All | All | All |
| Hardware | Cisco | Ncs 5516 | - | All | All | All |
| Hardware | Cisco | Ncs 5516 | - | All | All | All |
| Hardware | Cisco | Ncs 560 | - | All | All | All |
| Hardware | Cisco | Ncs 560 | - | All | All | All |
| Hardware | Cisco | Ncs 6008 | - | All | All | All |
| Hardware | Cisco | Ncs 6008 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.