CVE-2020-3566
moderate-risk
Published 2020-08-29
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.
Do I need to act?
~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (3)
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-...
47
/ 100
moderate-risk
Severity
29/34 · Critical
Exploitability
13/34 · Low
Exposure
5/34 · Minimal