A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HCisco Asr 9001
HWCiscowszystkie wersjeCisco Asr 9006
HWCiscowszystkie wersjeCisco Asr 9010
HWCiscowszystkie wersjeCisco Asr 9901
HWCiscowszystkie wersjeCisco Asr 9904
HWCiscowszystkie wersjeCisco Asr 9906
HWCiscowszystkie wersjeCisco Asr 9910
HWCiscowszystkie wersjeCisco Asr 9912
HWCiscowszystkie wersjeCisco Asr 9922
HWCiscowszystkie wersjeCisco IOS XR
OSCisco6.4.2
CISA KEV — szczegółyi
- Dostawcai
- Cisco ↗
- Produkti
- IOS XR
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 3 maja 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) nieprawidłowo obsługuje pakiety Internet Group Management Protocol (IGMP). Eksploatacja mogłaby umożliwić niezauwierzytelnionemu atakującemu z sieci dostęp do natychmiastowego zawieszenia procesu IGMP lub spowodowania nadmiernego zużycia dostępnej pamięci, co w efekcie doprowadzi do awarii.
▸ Pokaż oryginał (EN)
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Powiązane podatności
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...
RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Softwa...
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers run...
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Sof...