CVE-2024-20317

CWE-684 | 4 documents | 4 sources
Severity
7.4 HIGH
EPSS
0.2%
top 54.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 11

Description

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethe

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 4.0

Affected Packages: 2 packages

CVEListV5 | cisco/cisco_ios_xr_software | 10 versions +9
NVD | cisco/ios_xr | 10 versions +9

🔴 Vulnerability Details: 2

GHSA
GHSA-qcxf-jg3p-ww69: A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms coul | 2024-09-11
CVEList
Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability | 2024-09-11

📋 Vendor Advisories: 1

Cisco
Cisco IOS XR Software Network Convergence System Denial of Service Vulnerability | 2024-09-11