CVE-2020-3569
Published: 23 September 2020
Summary
CVE-2020-3569 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Cisco IOS XR. Its CVSS base score is 8.6 (High).
Operationally, it is ranked in the top 10.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerabilities identified as CVE-2020-3569 reside in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. They are caused by incorrect handling of IGMP packets and are assigned CWE-400 and CWE-770. Successful exploitation can cause the IGMP process to crash immediately or to consume memory until it crashes, with secondary effects on other processes running on the device.
An unauthenticated remote attacker can trigger the flaws by sending crafted IGMP traffic. The resulting denial-of-service condition may render interior and exterior routing protocols unstable in addition to the IGMP process itself. The CVSS 3.1 score is 8.6 with an attack vector of network, low complexity, and no required privileges or user interaction.
Cisco has published software updates that correct the packet-handling errors, as described in advisory cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz. The issue is also tracked in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-24840
Vulnerability details
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires application of the vendor software updates that correct the IGMP packet-handling flaws described in the CVE.
Explicitly addresses protection against denial-of-service conditions caused by crafted network traffic targeting the IGMP/DVMRP implementation.
Requires validation of incoming IGMP packets, mitigating the root cause of the memory-exhaustion and crash flaws (CWE-400/770).