Cyber Resilience

CVE-2020-3566

High · CISA KEV · Active Exploitation · EUVD Exploited · DDoS

Published: 29 August 2020
Modified: 28 October 2025
KEV Added: 03 November 2021
CVSS Score (v3.1): 8.6 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0214 (84.6th percentile)
Risk Priority: 38 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-3566 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Cisco IOS XR. Its CVSS base score is 8.6 (High).

Operationally, it ranks in the top 15.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Deeper analysis

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software allows an unauthenticated remote attacker to exhaust process memory on an affected device. The issue stems from insufficient queue management for Internet Group Management Protocol (IGMP) packets and is tracked under CWE-400 and CWE-770. Successful exploitation can destabilize other processes, including interior and exterior routing protocols. The flaw carries a CVSS 3.1 score of 8.6 with network attack vector, no required privileges or user interaction, and changed scope affecting availability.

An attacker can trigger the condition simply by sending crafted IGMP traffic to a reachable device running the vulnerable software. No authentication or local access is needed, enabling remote exploitation over the network that leads to memory exhaustion and potential denial of service against routing functions.

Cisco has published software updates to address the vulnerability in the associated security advisory. The flaw also appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed in-the-wild activity.


Vulnerability details

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.

CWE(s): CWE-400, CWE-770
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: cisco
Product: ios xr
Version: 6.4.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SC-5 Denial-of-service Protection (prevent)

Directly requires mechanisms to protect against or limit effects of denial-of-service attacks that exhaust resources via crafted network traffic such as IGMP.

SC-7 Boundary Protection (prevent)

Enforces boundary filtering and traffic control to block or rate-limit unauthenticated IGMP packets before they reach the DVMRP process.

Patch management (prevent)

Requires timely application of vendor patches that remediate the insufficient IGMP queue management flaw in IOS XR.
