7.4
CVE-2024-20318
- EPSS 0.05%
- Veröffentlicht 13.03.2024 17:15:47
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco IOS XR Software
Version
6.5.2
Status
affected
Version
6.5.3
Status
affected
Version
6.6.2
Status
affected
Version
6.6.3
Status
affected
Version
6.6.25
Status
affected
Version
7.0.1
Status
affected
Version
7.0.2
Status
affected
Version
7.1.1
Status
affected
Version
7.1.15
Status
affected
Version
7.1.2
Status
affected
Version
7.1.3
Status
affected
Version
6.7.1
Status
affected
Version
6.7.2
Status
affected
Version
6.7.3
Status
affected
Version
7.3.1
Status
affected
Version
7.3.2
Status
affected
Version
7.3.3
Status
affected
Version
7.3.5
Status
affected
Version
7.4.1
Status
affected
Version
7.4.2
Status
affected
Version
6.8.1
Status
affected
Version
6.8.2
Status
affected
Version
7.5.1
Status
affected
Version
7.5.3
Status
affected
Version
7.5.2
Status
affected
Version
7.5.4
Status
affected
Version
7.5.5
Status
affected
Version
7.6.1
Status
affected
Version
7.6.2
Status
affected
Version
7.7.1
Status
affected
Version
7.7.2
Status
affected
Version
6.9.1
Status
affected
Version
6.9.2
Status
affected
Version
7.8.1
Status
affected
Version
7.8.2
Status
affected
Version
7.9.1
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.161 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.