7.4
CVE-2024-20327
- EPSS 0.08%
- Published 13.03.2024 17:15:48
- Last modified 06.05.2025 17:11:55
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ios Xr Version < 7.9.21
Cisco ≫ Asr 9000v-v2 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Cisco ≫ Ios Xr Version >= 7.10 < 7.10.1
Cisco ≫ Asr 9000v-v2 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Cisco ≫ Ios Xr Version >= 7.11 < 7.11.1
Cisco ≫ Asr 9000v-v2 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.234 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
| psirt@cisco.com | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.