Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HCisco Asr 9000v
HWCiscowszystkie wersjeCisco Asr 9001
HWCiscowszystkie wersjeCisco Asr 9006
HWCiscowszystkie wersjeCisco Asr 9010
HWCiscowszystkie wersjeCisco Asr 9901
HWCiscowszystkie wersjeCisco Asr 9903
HWCiscowszystkie wersjeCisco Asr 9904
HWCiscowszystkie wersjeCisco Asr 9906
HWCiscowszystkie wersjeCisco Asr 9910
HWCiscowszystkie wersjeCisco Asr 9912
HWCiscowszystkie wersjeCisco Asr 9922
HWCiscowszystkie wersjeCisco Crs
HWCiscowszystkie wersjeCisco Crs 1 16 Slot Line Card Chassis
HWCiscowszystkie wersjeCisco Crs 1 16 Slot Single Shelf System
HWCiscowszystkie wersjeCisco Crs 1 4 Slot Single Shelf System
HWCiscowszystkie wersjeCisco Crs 1 8 Slot Line Card Chassis
HWCiscowszystkie wersjeCisco Crs 1 8 Slot Single Shelf System
HWCiscowszystkie wersjeCisco Crs 1 Fabric Card Chassis
HWCiscowszystkie wersjeCisco Crs 1 Line Card Chassis \(dual\)
HWCiscowszystkie wersjeCisco Crs 1 Line Card Chassis \(multi\)
HWCiscowszystkie wersjeCisco Crs 1 Multishelf System
HWCiscowszystkie wersjeCisco Crs 3 16 Slot Single Shelf System
HWCiscowszystkie wersjeCisco Crs 3 4 Slot Single Shelf System
HWCiscowszystkie wersjeCisco Crs 3 8 Slot Single Shelf System
HWCiscowszystkie wersjeCisco Crs 3 Multishelf System
HWCiscowszystkie wersjeCisco Crs 8\/s B Crs
HWCiscowszystkie wersjeCisco Crs 8\/scrs
HWCiscowszystkie wersjeCisco Crs Performance Route Processor
HWCiscowszystkie wersjeCisco Crs X
HWCiscowszystkie wersjeCisco Crs X 16 Slot Single Shelf System
HWCiscowszystkie wersje
CISA KEV — szczegółyi
- Dostawcai
- Cisco ↗
- Produkti
- IOS XR
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 3 maja 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami dostawcy.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Protokół Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) nieprawidłowo obsługuje pakiety Internet Group Management Protocol (IGMP). Eksploatacja mogła pozwolić nieuwierzytelnionemu, zdalnemu atakującemu natychmiast zawiesić proces IGMP lub sprawić, że będzie konsumować dostępną pamięć i ostatecznie się zawiesi.
▸ Pokaż oryginał (EN)
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Powiązane podatności
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...
RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Softwa...
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers run...
A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software cou...