{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20317", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.632Z", "datePublished": "2024-09-11T16:38:33.082Z", "dateUpdated": "2024-09-11T20:38:58.530Z"}, "containers": {"cna": {"title": "Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC", "name": "cisco-sa-l2services-2mvHdNuC"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-l2services-2mvHdNuC", "discovery": "EXTERNAL", "defects": ["CSCwh30122"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect Provision of Specified Functionality", "type": "cwe", "cweId": "CWE-684"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"version": "7.7.1", "status": "affected"}, {"version": "7.8.1", "status": "affected"}, {"version": "7.7.2", "status": "affected"}, {"version": "7.9.1", "status": "affected"}, {"version": "7.8.2", "status": "affected"}, {"version": "7.8.22", "status": "affected"}, {"version": "7.10.1", "status": "affected"}, {"version": "7.7.21", "status": "affected"}, {"version": "7.9.2", "status": "affected"}, {"version": "7.9.21", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-09-11T16:38:33.082Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T20:37:33.903637Z", "id": "CVE-2024-20317", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T20:38:58.530Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20317", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T20:37:33.903637Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T20:38:53.638Z"}}], "cna": {"title": "Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability", "source": {"defects": ["CSCwh30122"], "advisory": "cisco-sa-l2services-2mvHdNuC", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"status": "affected", "version": "7.7.1"}, {"status": "affected", "version": "7.8.1"}, {"status": "affected", "version": "7.7.2"}, {"status": "affected", "version": "7.9.1"}, {"status": "affected", "version": "7.8.2"}, {"status": "affected", "version": "7.8.22"}, {"status": "affected", "version": "7.10.1"}, {"status": "affected", "version": "7.7.21"}, {"status": "affected", "version": "7.9.2"}, {"status": "affected", "version": "7.9.21"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC", "name": "cisco-sa-l2services-2mvHdNuC"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-684", "description": "Incorrect Provision of Specified Functionality"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-09-11T16:38:33.082Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20317", "state": "PUBLISHED", "dateUpdated": "2024-09-11T20:38:58.530Z", "dateReserved": "2023-11-08T15:08:07.632Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-09-11T16:38:33.082Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*", "matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*", "matchCriteriaId": "87EF9DC5-4BE2-429D-B9BA-EF9F29E7E0F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad en el manejo de tramas Ethernet espec\u00edficas por parte del software Cisco IOS XR para varias plataformas Cisco Network Convergence System (NCS) podr\u00eda permitir que un atacante adyacente no autenticado provoque que se descarten paquetes de prioridad cr\u00edtica, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la clasificaci\u00f3n incorrecta de ciertos tipos de tramas Ethernet que se reciben en una interfaz. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tipos espec\u00edficos de tramas Ethernet al dispositivo afectado o a trav\u00e9s de \u00e9l. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante provoque que las relaciones de protocolo del plano de control fallen, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio. Para obtener m\u00e1s informaci\u00f3n, consulte la secci\u00f3n de este aviso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."}], "id": "CVE-2024-20317", "lastModified": "2024-10-03T17:58:40.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2024-09-11T17:15:12.043", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-684"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}