CVE-2020-3508

Published: Sep 24, 2020Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.

Affected (6)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

4 vulnerable · 101 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 16.3.1
Cisco Ios Xe	Version 16.6.5
Cisco Ios Xe	Version 16.7(1)
Cisco Ios Xe	Version 17.1.1

Running on/with	Platform Versions
Cisco 1000v	All versions
Cisco 4321 Integrated Services Router	All versions
Cisco 4331 Integrated Services Router	All versions
Cisco 4351 Integrated Services Router	All versions
Cisco Asr 1000	All versions
Cisco Asr 1001 Hx	All versions
Cisco Asr 1002 Hx	All versions
Cisco Catalyst 3650 12x48fd E	All versions
Cisco Catalyst 3650 12x48fd L	All versions
Cisco Catalyst 3650 12x48fd S	All versions
Cisco Catalyst 3650 24pd E	All versions
Cisco Catalyst 3650 24pd L	All versions
Cisco Catalyst 3650 24pd S	All versions
Cisco Catalyst 3650 24pdm E	All versions
Cisco Catalyst 3650 24pdm L	All versions
Cisco Catalyst 3650 24pdm S	All versions
Cisco Catalyst 3650 24ps E	All versions
Cisco Catalyst 3650 24ps L	All versions
Cisco Catalyst 3650 24ps S	All versions
Cisco Catalyst 3650 24td E	All versions
Cisco Catalyst 3650 24td L	All versions
Cisco Catalyst 3650 24td S	All versions
Cisco Catalyst 3650 24ts E	All versions
Cisco Catalyst 3650 24ts L	All versions
Cisco Catalyst 3650 24ts S	All versions
Cisco Catalyst 3650 48fd E	All versions
Cisco Catalyst 3650 48fd L	All versions
Cisco Catalyst 3650 48fd S	All versions
Cisco Catalyst 3650 48fq E	All versions
Cisco Catalyst 3650 48fq L	All versions
Cisco Catalyst 3650 48fq S	All versions
Cisco Catalyst 3650 48fqm E	All versions
Cisco Catalyst 3650 48fqm L	All versions
Cisco Catalyst 3650 48fqm S	All versions
Cisco Catalyst 3650 48fs E	All versions
Cisco Catalyst 3650 48fs L	All versions
Cisco Catalyst 3650 48fs S	All versions
Cisco Catalyst 3650 48pd E	All versions
Cisco Catalyst 3650 48pd L	All versions
Cisco Catalyst 3650 48pd S	All versions
Cisco Catalyst 3650 48pq E	All versions
Cisco Catalyst 3650 48pq L	All versions
Cisco Catalyst 3650 48pq S	All versions
Cisco Catalyst 3650 48ps E	All versions
Cisco Catalyst 3650 48ps L	All versions
Cisco Catalyst 3650 48ps S	All versions
Cisco Catalyst 3650 48td E	All versions
Cisco Catalyst 3650 48td L	All versions
Cisco Catalyst 3650 48td S	All versions
Cisco Catalyst 3650 48tq E	All versions
Cisco Catalyst 3650 48tq L	All versions
Cisco Catalyst 3650 48tq S	All versions
Cisco Catalyst 3650 48ts E	All versions
Cisco Catalyst 3650 48ts L	All versions
Cisco Catalyst 3650 48ts S	All versions
Cisco Catalyst 3650 8x24pd E	All versions
Cisco Catalyst 3650 8x24pd L	All versions
Cisco Catalyst 3650 8x24pd S	All versions
Cisco Catalyst 3850 12s E	All versions
Cisco Catalyst 3850 12s S	All versions
Cisco Catalyst 3850 12xs E	All versions
Cisco Catalyst 3850 12xs S	All versions
Cisco Catalyst 3850 16xs E	All versions
Cisco Catalyst 3850 16xs S	All versions
Cisco Catalyst 3850 24p E	All versions
Cisco Catalyst 3850 24p L	All versions
Cisco Catalyst 3850 24p S	All versions
Cisco Catalyst 3850 24s E	All versions
Cisco Catalyst 3850 24s S	All versions
Cisco Catalyst 3850 24t E	All versions
Cisco Catalyst 3850 24t L	All versions
Cisco Catalyst 3850 24t S	All versions
Cisco Catalyst 3850 24u E	All versions
Cisco Catalyst 3850 24u L	All versions
Cisco Catalyst 3850 24u S	All versions
Cisco Catalyst 3850 24xs E	All versions
Cisco Catalyst 3850 24xs S	All versions
Cisco Catalyst 3850 24xu E	All versions
Cisco Catalyst 3850 24xu L	All versions
Cisco Catalyst 3850 24xu S	All versions
Cisco Catalyst 3850 32xs E	All versions
Cisco Catalyst 3850 32xs S	All versions
Cisco Catalyst 3850 48f E	All versions
Cisco Catalyst 3850 48f L	All versions
Cisco Catalyst 3850 48f S	All versions
Cisco Catalyst 3850 48p E	All versions
Cisco Catalyst 3850 48p L	All versions
Cisco Catalyst 3850 48p S	All versions
Cisco Catalyst 3850 48t E	All versions
Cisco Catalyst 3850 48t L	All versions
Cisco Catalyst 3850 48t S	All versions
Cisco Catalyst 3850 48u E	All versions
Cisco Catalyst 3850 48u L	All versions
Cisco Catalyst 3850 48u S	All versions
Cisco Catalyst 3850 48xs E	All versions
Cisco Catalyst 3850 48xs F E	All versions
Cisco Catalyst 3850 48xs F S	All versions
Cisco Catalyst 3850 48xs S	All versions
Cisco Catalyst C3850 12x48u E	All versions
Cisco Catalyst C3850 12x48u L	All versions
Cisco Catalyst C3850 12x48u S	All versions

Configuration B

2 vulnerable · 39 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 16.9.1
Cisco Ios Xe	Version 17.4.1

Running on/with	Platform Versions
Cisco 1100 4g Integrated Services Router	All versions
Cisco 1100 4gltegb Integrated Services Router	All versions
Cisco 1100 4gltena Integrated Services Router	All versions
Cisco 1100 4p Integrated Services Router	All versions
Cisco 1100 6g Integrated Services Router	All versions
Cisco 1100 8p Integrated Services Router	All versions
Cisco 1100 Lte Integrated Services Router	All versions
Cisco 1100 Integrated Services Router	All versions
Cisco 1101 4p Integrated Services Router	All versions
Cisco 1101 Integrated Services Router	All versions
Cisco 1109 2p Integrated Services Router	All versions
Cisco 1109 4p Integrated Services Router	All versions
Cisco 1109 Integrated Services Router	All versions
Cisco 1111x 8p Integrated Services Router	All versions
Cisco 1111x Integrated Services Router	All versions
Cisco 111x Integrated Services Router	All versions
Cisco 1120 Integrated Services Router	All versions
Cisco 1160 Integrated Services Router	All versions
Cisco 4321/k9 Rf Integrated Services Router	All versions
Cisco 4321/k9 Ws Integrated Services Router	All versions
Cisco 4321/k9 Integrated Services Router	All versions
Cisco 4331/k9 Rf Integrated Services Router	All versions
Cisco 4331/k9 Ws Integrated Services Router	All versions
Cisco 4331/k9 Integrated Services Router	All versions
Cisco 4351/k9 Rf Integrated Services Router	All versions
Cisco 4351/k9 Ws Integrated Services Router	All versions
Cisco 4351/k9 Integrated Services Router	All versions
Cisco 4431 Integrated Services Router	All versions
Cisco 4461 Integrated Services Router	All versions
Cisco Asr 1000 X	All versions
Cisco Asr 1001	All versions
Cisco Asr 1001 X	All versions
Cisco Asr 1002	All versions
Cisco Asr 1002 X	All versions
Cisco Asr 1004	All versions
Cisco Asr 1006	All versions
Cisco Asr 1013	All versions
Cisco Asr 1023	All versions
Cisco Csr1000v	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.