CVE-2025-20189
Description
A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.
CVSS Details
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Threat Intelligence
Weaknesses 1
Affected Products 267
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | ios_xe | 3.16.0cs | any |
| cisco | ios_xe | 3.16.0s | any |
| cisco | ios_xe | 3.16.1as | any |
| cisco | ios_xe | 3.16.1s | any |
| cisco | ios_xe | 3.16.2as | any |
| cisco | ios_xe | 3.16.2bs | any |
| cisco | ios_xe | 3.16.2s | any |
| cisco | ios_xe | 3.16.3as | any |
| cisco | ios_xe | 3.16.3s | any |
| cisco | ios_xe | 3.16.4as | any |
| cisco | ios_xe | 3.16.4bs | any |
| cisco | ios_xe | 3.16.4ds | any |
| cisco | ios_xe | 3.16.4s | any |
| cisco | ios_xe | 3.16.5s | any |
| cisco | ios_xe | 3.16.6bs | any |
| cisco | ios_xe | 3.16.6s | any |
| cisco | ios_xe | 3.16.7as | any |
| cisco | ios_xe | 3.16.7bs | any |
| cisco | ios_xe | 3.16.7s | any |
| cisco | ios_xe | 3.16.8s | any |
| cisco | ios_xe | 3.16.9s | any |
| cisco | ios_xe | 3.16.10s | any |
| cisco | ios_xe | 3.17.0s | any |
| cisco | ios_xe | 3.17.1as | any |
| cisco | ios_xe | 3.17.1s | any |
| cisco | ios_xe | 3.17.2s | any |
| cisco | ios_xe | 3.17.3s | any |
| cisco | ios_xe | 3.17.4s | any |
| cisco | ios_xe | 3.18.0as | any |
| cisco | ios_xe | 3.18.0s | any |
| cisco | ios_xe | 3.18.0sp | any |
| cisco | ios_xe | 3.18.1asp | any |
| cisco | ios_xe | 3.18.1bsp | any |
| cisco | ios_xe | 3.18.1csp | any |
| cisco | ios_xe | 3.18.1s | any |
| cisco | ios_xe | 3.18.1sp | any |
| cisco | ios_xe | 3.18.2asp | any |
| cisco | ios_xe | 3.18.2s | any |
| cisco | ios_xe | 3.18.2sp | any |
| cisco | ios_xe | 3.18.3asp | any |
| cisco | ios_xe | 3.18.3bsp | any |
| cisco | ios_xe | 3.18.3s | any |
| cisco | ios_xe | 3.18.3sp | any |
| cisco | ios_xe | 3.18.4s | any |
| cisco | ios_xe | 3.18.4sp | any |
| cisco | ios_xe | 3.18.5sp | any |
| cisco | ios_xe | 3.18.6sp | any |
| cisco | ios_xe | 3.18.7sp | any |
| cisco | ios_xe | 3.18.8asp | any |
| cisco | ios_xe | 3.18.9sp | any |
| cisco | ios_xe | 16.1.1 | any |
| cisco | ios_xe | 16.1.2 | any |
| cisco | ios_xe | 16.1.3 | any |
| cisco | ios_xe | 16.2.1 | any |
| cisco | ios_xe | 16.2.2 | any |
| cisco | ios_xe | 16.3.1 | any |
| cisco | ios_xe | 16.3.1a | any |
| cisco | ios_xe | 16.3.2 | any |
| cisco | ios_xe | 16.3.3 | any |
| cisco | ios_xe | 16.3.4 | any |
| cisco | ios_xe | 16.3.5 | any |
| cisco | ios_xe | 16.3.5b | any |
| cisco | ios_xe | 16.3.6 | any |
| cisco | ios_xe | 16.3.7 | any |
| cisco | ios_xe | 16.3.8 | any |
| cisco | ios_xe | 16.3.9 | any |
| cisco | ios_xe | 16.3.10 | any |
| cisco | ios_xe | 16.3.11 | any |
| cisco | ios_xe | 16.4.1 | any |
| cisco | ios_xe | 16.4.2 | any |
| cisco | ios_xe | 16.4.3 | any |
| cisco | ios_xe | 16.5.1 | any |
| cisco | ios_xe | 16.5.1a | any |
| cisco | ios_xe | 16.5.1b | any |
| cisco | ios_xe | 16.5.2 | any |
| cisco | ios_xe | 16.5.3 | any |
| cisco | ios_xe | 16.6.1 | any |
| cisco | ios_xe | 16.6.2 | any |
| cisco | ios_xe | 16.6.3 | any |
| cisco | ios_xe | 16.6.4 | any |
| cisco | ios_xe | 16.6.4a | any |
| cisco | ios_xe | 16.6.5 | any |
| cisco | ios_xe | 16.6.5a | any |
| cisco | ios_xe | 16.6.6 | any |
| cisco | ios_xe | 16.6.7 | any |
| cisco | ios_xe | 16.6.8 | any |
| cisco | ios_xe | 16.6.9 | any |
| cisco | ios_xe | 16.6.10 | any |
| cisco | ios_xe | 16.7.1 | any |
| cisco | ios_xe | 16.7.1a | any |
| cisco | ios_xe | 16.7.1b | any |
| cisco | ios_xe | 16.7.2 | any |
| cisco | ios_xe | 16.7.3 | any |
| cisco | ios_xe | 16.7.4 | any |
| cisco | ios_xe | 16.8.1 | any |
| cisco | ios_xe | 16.8.1a | any |
| cisco | ios_xe | 16.8.1b | any |
| cisco | ios_xe | 16.8.1c | any |
| cisco | ios_xe | 16.8.1d | any |
| cisco | ios_xe | 16.8.1e | any |
| cisco | ios_xe | 16.8.1s | any |
| cisco | ios_xe | 16.8.2 | any |
| cisco | ios_xe | 16.8.3 | any |
| cisco | ios_xe | 16.9.1 | any |
| cisco | ios_xe | 16.9.1a | any |
| cisco | ios_xe | 16.9.1b | any |
| cisco | ios_xe | 16.9.1s | any |
| cisco | ios_xe | 16.9.2 | any |
| cisco | ios_xe | 16.9.3 | any |
| cisco | ios_xe | 16.9.3a | any |
| cisco | ios_xe | 16.9.4 | any |
| cisco | ios_xe | 16.9.5 | any |
| cisco | ios_xe | 16.9.5f | any |
| cisco | ios_xe | 16.9.6 | any |
| cisco | ios_xe | 16.9.7 | any |
| cisco | ios_xe | 16.9.8 | any |
| cisco | ios_xe | 16.10.1 | any |
| cisco | ios_xe | 16.10.1a | any |
| cisco | ios_xe | 16.10.1b | any |
| cisco | ios_xe | 16.10.1c | any |
| cisco | ios_xe | 16.10.1d | any |
| cisco | ios_xe | 16.10.1e | any |
| cisco | ios_xe | 16.10.1f | any |
| cisco | ios_xe | 16.10.1g | any |
| cisco | ios_xe | 16.10.1s | any |
| cisco | ios_xe | 16.10.2 | any |
| cisco | ios_xe | 16.10.3 | any |
| cisco | ios_xe | 16.11.1 | any |
| cisco | ios_xe | 16.11.1a | any |
| cisco | ios_xe | 16.11.1b | any |
| cisco | ios_xe | 16.11.1s | any |
| cisco | ios_xe | 16.11.2 | any |
| cisco | ios_xe | 16.12.1 | any |
| cisco | ios_xe | 16.12.1a | any |
| cisco | ios_xe | 16.12.1c | any |
| cisco | ios_xe | 16.12.1s | any |
| cisco | ios_xe | 16.12.1t | any |
| cisco | ios_xe | 16.12.1w | any |
| cisco | ios_xe | 16.12.1x | any |
| cisco | ios_xe | 16.12.1y | any |
| cisco | ios_xe | 16.12.1z1 | any |
| cisco | ios_xe | 16.12.1z2 | any |
| cisco | ios_xe | 16.12.2 | any |
| cisco | ios_xe | 16.12.2a | any |
| cisco | ios_xe | 16.12.2s | any |
| cisco | ios_xe | 16.12.3 | any |
| cisco | ios_xe | 16.12.3a | any |
| cisco | ios_xe | 16.12.3s | any |
| cisco | ios_xe | 16.12.4 | any |
| cisco | ios_xe | 16.12.4a | any |
| cisco | ios_xe | 16.12.5 | any |
| cisco | ios_xe | 16.12.5a | any |
| cisco | ios_xe | 16.12.5b | any |
| cisco | ios_xe | 16.12.6 | any |
| cisco | ios_xe | 16.12.6a | any |
| cisco | ios_xe | 16.12.7 | any |
| cisco | ios_xe | 16.12.8 | any |
| cisco | ios_xe | 16.12.9 | any |
| cisco | ios_xe | 16.12.10 | any |
| cisco | ios_xe | 16.12.10a | any |
| cisco | ios_xe | 16.12.11 | any |
| cisco | ios_xe | 16.12.12 | any |
| cisco | ios_xe | 16.12.13 | any |
| cisco | ios_xe | 17.1.1 | any |
| cisco | ios_xe | 17.1.1a | any |
| cisco | ios_xe | 17.1.1s | any |
| cisco | ios_xe | 17.1.1t | any |
| cisco | ios_xe | 17.1.3 | any |
| cisco | ios_xe | 17.2.1 | any |
| cisco | ios_xe | 17.2.1a | any |
| cisco | ios_xe | 17.2.1r | any |
| cisco | ios_xe | 17.2.1v | any |
| cisco | ios_xe | 17.2.2 | any |
| cisco | ios_xe | 17.2.3 | any |
| cisco | ios_xe | 17.3.1 | any |
| cisco | ios_xe | 17.3.1a | any |
| cisco | ios_xe | 17.3.1w | any |
| cisco | ios_xe | 17.3.1x | any |
| cisco | ios_xe | 17.3.1z | any |
| cisco | ios_xe | 17.3.2 | any |
| cisco | ios_xe | 17.3.2a | any |
| cisco | ios_xe | 17.3.3 | any |
| cisco | ios_xe | 17.3.4 | any |
| cisco | ios_xe | 17.3.4a | any |
| cisco | ios_xe | 17.3.4b | any |
| cisco | ios_xe | 17.3.4c | any |
| cisco | ios_xe | 17.3.5 | any |
| cisco | ios_xe | 17.3.5a | any |
| cisco | ios_xe | 17.3.5b | any |
| cisco | ios_xe | 17.3.6 | any |
| cisco | ios_xe | 17.3.7 | any |
| cisco | ios_xe | 17.3.8 | any |
| cisco | ios_xe | 17.3.8a | any |
| cisco | ios_xe | 17.4.1 | any |
| cisco | ios_xe | 17.4.1a | any |
| cisco | ios_xe | 17.4.1b | any |
| cisco | ios_xe | 17.4.2 | any |
| cisco | ios_xe | 17.4.2a | any |
| cisco | ios_xe | 17.5.1 | any |
| cisco | ios_xe | 17.5.1a | any |
| cisco | ios_xe | 17.6.1 | any |
| cisco | ios_xe | 17.6.1a | any |
| cisco | ios_xe | 17.6.1w | any |
| cisco | ios_xe | 17.6.1x | any |
| cisco | ios_xe | 17.6.1y | any |
| cisco | ios_xe | 17.6.1z | any |
| cisco | ios_xe | 17.6.1z1 | any |
| cisco | ios_xe | 17.6.2 | any |
| cisco | ios_xe | 17.6.3 | any |
| cisco | ios_xe | 17.6.3a | any |
| cisco | ios_xe | 17.6.4 | any |
| cisco | ios_xe | 17.6.5 | any |
| cisco | ios_xe | 17.6.5a | any |
| cisco | ios_xe | 17.6.6 | any |
| cisco | ios_xe | 17.6.6a | any |
| cisco | ios_xe | 17.6.7 | any |
| cisco | ios_xe | 17.6.8 | any |
| cisco | ios_xe | 17.6.8a | any |
| cisco | ios_xe | 17.7.1 | any |
| cisco | ios_xe | 17.7.1a | any |
| cisco | ios_xe | 17.7.1b | any |
| cisco | ios_xe | 17.7.2 | any |
| cisco | ios_xe | 17.8.1 | any |
| cisco | ios_xe | 17.8.1a | any |
| cisco | ios_xe | 17.9.1 | any |
| cisco | ios_xe | 17.9.1a | any |
| cisco | ios_xe | 17.9.1w | any |
| cisco | ios_xe | 17.9.1x | any |
| cisco | ios_xe | 17.9.1x1 | any |
| cisco | ios_xe | 17.9.1y | any |
| cisco | ios_xe | 17.9.1y1 | any |
| cisco | ios_xe | 17.9.2 | any |
| cisco | ios_xe | 17.9.2a | any |
| cisco | ios_xe | 17.9.3 | any |
| cisco | ios_xe | 17.9.3a | any |
| cisco | ios_xe | 17.9.4 | any |
| cisco | ios_xe | 17.9.4a | any |
| cisco | ios_xe | 17.9.5 | any |
| cisco | ios_xe | 17.9.5a | any |
| cisco | ios_xe | 17.9.5b | any |
| cisco | ios_xe | 17.9.5e | any |
| cisco | ios_xe | 17.9.5f | any |
| cisco | ios_xe | 17.9.6 | any |
| cisco | ios_xe | 17.9.6a | any |
| cisco | ios_xe | 17.10.1 | any |
| cisco | ios_xe | 17.10.1a | any |
| cisco | ios_xe | 17.10.1b | any |
| cisco | ios_xe | 17.11.1 | any |
| cisco | ios_xe | 17.11.1a | any |
| cisco | ios_xe | 17.12.1 | any |
| cisco | ios_xe | 17.12.1w | any |
| cisco | ios_xe | 17.12.1x | any |
| cisco | ios_xe | 17.12.1y | any |
| cisco | ios_xe | 17.12.1z | any |
| cisco | ios_xe | 17.12.1z1 | any |
| cisco | ios_xe | 17.12.2 | any |
| cisco | ios_xe | 17.12.2a | any |
| cisco | ios_xe | 17.12.3 | any |
| cisco | ios_xe | 17.12.3a | any |
| cisco | ios_xe | 17.12.4 | any |
| cisco | ios_xe | 17.12.4a | any |
| cisco | ios_xe | 17.12.4b | any |
| cisco | ios_xe | 17.13.1 | any |
| cisco | ios_xe | 17.13.1a | any |
| cisco | ios_xe | 17.14.1 | any |
| cisco | ios_xe | 17.14.1a | any |
| cisco | asr_903 | * | any |
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr903-rsp3-arp-dos-WmfzdvJZ
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.