CVE-2024-20318

Summary

A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XR Software6.5.2affected
CiscoCisco IOS XR Software6.5.3affected
CiscoCisco IOS XR Software6.6.2affected
CiscoCisco IOS XR Software6.6.3affected
CiscoCisco IOS XR Software6.6.25affected
CiscoCisco IOS XR Software7.0.1affected
CiscoCisco IOS XR Software7.0.2affected
CiscoCisco IOS XR Software7.1.1affected
CiscoCisco IOS XR Software7.1.15affected
CiscoCisco IOS XR Software7.1.2affected
CiscoCisco IOS XR Software7.1.3affected
CiscoCisco IOS XR Software6.7.1affected
CiscoCisco IOS XR Software6.7.2affected
CiscoCisco IOS XR Software6.7.3affected
CiscoCisco IOS XR Software7.3.1affected
CiscoCisco IOS XR Software7.3.2affected
CiscoCisco IOS XR Software7.3.3affected
CiscoCisco IOS XR Software7.3.5affected
CiscoCisco IOS XR Software7.4.1affected
CiscoCisco IOS XR Software7.4.2affected
CiscoCisco IOS XR Software6.8.1affected
CiscoCisco IOS XR Software6.8.2affected
CiscoCisco IOS XR Software7.5.1affected
CiscoCisco IOS XR Software7.5.3affected
CiscoCisco IOS XR Software7.5.2affected
CiscoCisco IOS XR Software7.5.4affected
CiscoCisco IOS XR Software7.5.5affected
CiscoCisco IOS XR Software7.6.1affected
CiscoCisco IOS XR Software7.6.2affected
CiscoCisco IOS XR Software7.7.1affected
CiscoCisco IOS XR Software7.7.2affected
CiscoCisco IOS XR Software6.9.1affected
CiscoCisco IOS XR Software6.9.2affected
CiscoCisco IOS XR Software7.8.1affected
CiscoCisco IOS XR Software7.8.2affected
CiscoCisco IOS XR Software7.9.1affected

Weaknesses

  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References