CVE-2020-3566

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)

Description: The issue is related to the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software, which could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. This is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this by sending crafted IGMP traffic to an affected device, potentially causing memory exhaustion and instability of other processes, including interior and exterior routing protocols. Cisco has noted that the vulnerability is being exploited in the wild.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.