CVE-2024-20318
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IOS XR Software | 6.5.2 | affected |
| Cisco | Cisco IOS XR Software | 6.5.3 | affected |
| Cisco | Cisco IOS XR Software | 6.6.2 | affected |
| Cisco | Cisco IOS XR Software | 6.6.3 | affected |
| Cisco | Cisco IOS XR Software | 6.6.25 | affected |
| Cisco | Cisco IOS XR Software | 7.0.1 | affected |
| Cisco | Cisco IOS XR Software | 7.0.2 | affected |
| Cisco | Cisco IOS XR Software | 7.1.1 | affected |
| Cisco | Cisco IOS XR Software | 7.1.15 | affected |
| Cisco | Cisco IOS XR Software | 7.1.2 | affected |
| Cisco | Cisco IOS XR Software | 7.1.3 | affected |
| Cisco | Cisco IOS XR Software | 6.7.1 | affected |
| Cisco | Cisco IOS XR Software | 6.7.2 | affected |
| Cisco | Cisco IOS XR Software | 6.7.3 | affected |
| Cisco | Cisco IOS XR Software | 7.3.1 | affected |
| Cisco | Cisco IOS XR Software | 7.3.2 | affected |
| Cisco | Cisco IOS XR Software | 7.3.3 | affected |
| Cisco | Cisco IOS XR Software | 7.3.5 | affected |
| Cisco | Cisco IOS XR Software | 7.4.1 | affected |
| Cisco | Cisco IOS XR Software | 7.4.2 | affected |
| Cisco | Cisco IOS XR Software | 6.8.1 | affected |
| Cisco | Cisco IOS XR Software | 6.8.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.1 | affected |
| Cisco | Cisco IOS XR Software | 7.5.3 | affected |
| Cisco | Cisco IOS XR Software | 7.5.2 | affected |
| Cisco | Cisco IOS XR Software | 7.5.4 | affected |
| Cisco | Cisco IOS XR Software | 7.5.5 | affected |
| Cisco | Cisco IOS XR Software | 7.6.1 | affected |
| Cisco | Cisco IOS XR Software | 7.6.2 | affected |
| Cisco | Cisco IOS XR Software | 7.7.1 | affected |
| Cisco | Cisco IOS XR Software | 7.7.2 | affected |
| Cisco | Cisco IOS XR Software | 6.9.1 | affected |
| Cisco | Cisco IOS XR Software | 6.9.2 | affected |
| Cisco | Cisco IOS XR Software | 7.8.1 | affected |
| Cisco | Cisco IOS XR Software | 7.8.2 | affected |
| Cisco | Cisco IOS XR Software | 7.9.1 | affected |
Weaknesses
- CWE-20: Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.