cve-2024-20318
Vulnerability from cvelistv5
Published
2024-03-13 16:46
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.
This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IOS XR Software |
Version: 6.5.2 Version: 6.5.3 Version: 6.6.2 Version: 6.6.3 Version: 6.6.25 Version: 7.0.1 Version: 7.0.2 Version: 7.1.1 Version: 7.1.15 Version: 7.1.2 Version: 7.1.3 Version: 6.7.1 Version: 6.7.2 Version: 6.7.3 Version: 7.3.1 Version: 7.3.2 Version: 7.3.3 Version: 7.3.5 Version: 7.4.1 Version: 7.4.2 Version: 6.8.1 Version: 6.8.2 Version: 7.5.1 Version: 7.5.3 Version: 7.5.2 Version: 7.5.4 Version: 7.5.5 Version: 7.6.1 Version: 7.6.2 Version: 7.7.1 Version: 7.7.2 Version: 6.9.1 Version: 6.9.2 Version: 7.8.1 Version: 7.8.2 Version: 7.9.1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20318", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-13T18:14:49.794916Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:18.112Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-xrl2vpn-jesrU3fc", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "6.5.2" }, { "status": "affected", "version": "6.5.3" }, { "status": "affected", "version": "6.6.2" }, { "status": "affected", "version": "6.6.3" }, { "status": "affected", "version": "6.6.25" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.1.1" }, { "status": "affected", "version": "7.1.15" }, { "status": "affected", "version": "7.1.2" }, { "status": "affected", "version": "7.1.3" }, { "status": "affected", "version": "6.7.1" }, { "status": "affected", "version": "6.7.2" }, { "status": "affected", "version": "6.7.3" }, { "status": "affected", "version": "7.3.1" }, { "status": "affected", "version": "7.3.2" }, { "status": "affected", "version": "7.3.3" }, { "status": "affected", "version": "7.3.5" }, { "status": "affected", "version": "7.4.1" }, { "status": "affected", "version": "7.4.2" }, { "status": "affected", "version": "6.8.1" }, { "status": "affected", "version": "6.8.2" }, { "status": "affected", "version": "7.5.1" }, { "status": "affected", "version": "7.5.3" }, { "status": "affected", "version": "7.5.2" }, { "status": "affected", "version": "7.5.4" }, { "status": "affected", "version": "7.5.5" }, { "status": "affected", "version": "7.6.1" }, { "status": "affected", "version": "7.6.2" }, { "status": "affected", "version": "7.7.1" }, { "status": "affected", "version": "7.7.2" }, { "status": "affected", "version": "6.9.1" }, { "status": "affected", "version": "6.9.2" }, { "status": "affected", "version": "7.8.1" }, { "status": "affected", "version": "7.8.2" }, { "status": "affected", "version": "7.9.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T16:46:24.113Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-xrl2vpn-jesrU3fc", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc" } ], "source": { "advisory": "cisco-sa-xrl2vpn-jesrU3fc", "defects": [ "CSCwe29150" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20318", "datePublished": "2024-03-13T16:46:24.113Z", "dateReserved": "2023-11-08T15:08:07.632Z", "dateUpdated": "2024-08-01T21:59:41.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-20318\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2024-03-13T17:15:47.813\",\"lastModified\":\"2024-11-21T08:52:21.667\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.\\r\\n\\r This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en los servicios Ethernet de capa 2 del software Cisco IOS XR podr\u00eda permitir que un atacante adyacente no autenticado provoque que el procesador de red de la tarjeta de l\u00ednea se reinicie, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe al manejo incorrecto de tramas Ethernet espec\u00edficas que se reciben en tarjetas de l\u00ednea que tienen habilitada la funci\u00f3n de servicios de Capa 2. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tramas Ethernet espec\u00edficas a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el procesador de red de la interfaz de entrada se reinicie, lo que resultar\u00eda en una p\u00e9rdida de tr\u00e1fico en las interfaces admitidas por el procesador de red. M\u00faltiples reinicios del procesador de red provocar\u00edan que la tarjeta de l\u00ednea se reinicie, lo que resultar\u00eda en una condici\u00f3n DoS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.