CVE-2020-3566 — Vulnetix

CVE-2020-3566 PUBLISHED KEV CVSS 8.600000381469727 HIGH

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.

EPSS 2.14% · 84.6th percentile

Risk Scores

CVSS 3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

2.14%

84.6th percentile

Affected Products

Vendor	Product	Versions
cisco	ios_xr	6.4.2, 6.4.2, 6.4.2
Cisco	Cisco IOS XR Software	n/a, n/a

Exploit Intelligence

CIRCL seen: CVE-2020-3569 (circl-sighting)
CIRCL exploited: CVE-2020-3569 (circl-sighting)
CIRCL seen: CVE-2020-3569 (circl-sighting)
CIRCL seen: CVE-2020-3569 (circl-sighting)
CIRCL seen: CVE-2020-3569 (circl-sighting)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3569 (circl)
CIRCL seen: CVE-2020-3566 (circl-sighting)
CIRCL seen: CVE-2020-3566 (circl-sighting)
CIRCL seen: CVE-2020-3566 (circl-sighting)
CIRCL seen: CVE-2020-3566 (circl-sighting)

…and 18 more exploits

Timeline

Aug 29, 2020 VulnCheck KEV Exploitation
Aug 29, 2020 CVE Published
Aug 31, 2020 PoC Published
Apr 14, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Nov 3, 2021 CISA KEV Added
Nov 8, 2021 PoC Published
Nov 20, 2021 PoC Published
Jan 6, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score

References

Open in Interactive Console →