CVE-2020-3566 — Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Cisco |
| Product | IOS XR |
| CWE | CWE-400 |
| CVE ID | CVE-2020-3566 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03