CVE-2020-3190

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description The issue is related to the implementation of the IPsec protocol set in Cisco IOS XR Software, which is associated with uncontrolled resource consumption. This could allow a remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An attacker could exploit this vulnerability by sending malicious ICMP error messages to an affected device that get processed by the IPsec packet processor, potentially depleting IPsec memory and causing all future IPsec packets to an affected device to be dropped. Manual intervention is required to recover from this situation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.