CVE-2024-20390

Severity
5.3 MEDIUM
EPSS
0.2%
top 55.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 11

Description

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEList V5: cisco/cisco_ios_xr_software (86 versions, +85)
NVD: cisco/ios_xr < 24.1.2

Vulnerability Details (2)

GHSA
GHSA-4pqw-cgvq-97j3: A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (2024-09-11)
CVEList
Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability (2024-09-11)

Vendor Advisories (2)

Cisco
Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability (2024-09-11)
Red Hat
kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (2024-04-17)