CVE-2020-3190Uncontrolled Resource Consumption in Cisco IOS XR Software

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
1.0%
top 23.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedMar 4
Latest updateMay 24

Description

A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An attacker could exploit this vulnerability by sending malicious ICMP error messages to an affected device that get punted to the IPsec packet processor. A successful exploit could allow the attacker to dep

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_softwareunspecifiedn/a
NVDcisco/ios_xr6.6.06.6.3+3

🔴Vulnerability Details

2
GHSA
GHSA-vf9r-m8g7-gv2c: A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (Do2022-05-24
CVEList
Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability2020-03-04

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability2020-03-04
CVE-2020-3190 — Uncontrolled Resource Consumption | cvebase