CVE-2024-20318

CWE-20Improper Input Validation4 documents4 sources
Severity
7.4HIGH
EPSS
0.1%
top 83.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco IOS XR Software
Timeline
PublishedMar 13

Description

A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A succ

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xr_software36 versions+35

🔴Vulnerability Details

2
GHSA
GHSA-6hgv-w8jj-jm2j: A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card net2024-03-13
CVEList
CVE-2024-20318: A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card net2024-03-13

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability2024-03-13
CVE-2024-20318 (HIGH CVSS 7.4) | A vulnerability in the Layer 2 Ethe | cvebase.io