CVE-2024-20406

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.4HIGH

EPSS

0.1%

top 71.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR Cisco Cisco IOS XR Software

Timeline

PublishedSep 11

Description

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xr_software30 versions+29

▶NVDcisco/ios_xr6.8.1 — 7.0.0+1

🔴Vulnerability Details

CVEList

Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability↗2024-09-11

▶

GHSA

GHSA-7474-cqc3-4g2p: A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allo↗2024-09-11

▶

📋Vendor Advisories

Cisco

Cisco IOS XR Software Segment Routing for Intermediate System-to-Intermediate System Denial of Service Vulnerability↗2024-09-11

▶