CVE-2020-3508

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (affected versions not specified)

Description A vulnerability in the IP Address Resolution Protocol (ARP) feature could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The issue is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this by sending a malicious series of IP ARP messages to an affected device, potentially exhausting system resources and causing the device to reload.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.