CVE-2024-20318 - OpenCVE

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20318", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.632Z", "datePublished": "2024-03-13T16:46:24.113Z", "dateUpdated": "2024-08-01T21:59:41.382Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-03-13T16:46:24.113Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition."}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"version": "6.5.2", "status": "affected"}, {"version": "6.5.3", "status": "affected"}, {"version": "6.6.2", "status": "affected"}, {"version": "6.6.3", "status": "affected"}, {"version": "6.6.25", "status": "affected"}, {"version": "7.0.1", "status": "affected"}, {"version": "7.0.2", "status": "affected"}, {"version": "7.1.1", "status": "affected"}, {"version": "7.1.15", "status": "affected"}, {"version": "7.1.2", "status": "affected"}, {"version": "7.1.3", "status": "affected"}, {"version": "6.7.1", "status": "affected"}, {"version": "6.7.2", "status": "affected"}, {"version": "6.7.3", "status": "affected"}, {"version": "7.3.1", "status": "affected"}, {"version": "7.3.2", "status": "affected"}, {"version": "7.3.3", "status": "affected"}, {"version": "7.3.5", "status": "affected"}, {"version": "7.4.1", "status": "affected"}, {"version": "7.4.2", "status": "affected"}, {"version": "6.8.1", "status": "affected"}, {"version": "6.8.2", "status": "affected"}, {"version": "7.5.1", "status": "affected"}, {"version": "7.5.3", "status": "affected"}, {"version": "7.5.2", "status": "affected"}, {"version": "7.5.4", "status": "affected"}, {"version": "7.5.5", "status": "affected"}, {"version": "7.6.1", "status": "affected"}, {"version": "7.6.2", "status": "affected"}, {"version": "7.7.1", "status": "affected"}, {"version": "7.7.2", "status": "affected"}, {"version": "6.9.1", "status": "affected"}, {"version": "6.9.2", "status": "affected"}, {"version": "7.8.1", "status": "affected"}, {"version": "7.8.2", "status": "affected"}, {"version": "7.9.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Input Validation", "type": "cwe", "cweId": "CWE-20"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc", "name": "cisco-sa-xrl2vpn-jesrU3fc"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-xrl2vpn-jesrU3fc", "discovery": "EXTERNAL", "defects": ["CSCwe29150"]}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-13T18:14:49.794916Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:18.112Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.382Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc", "name": "cisco-sa-xrl2vpn-jesrU3fc", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc", "name": "cisco-sa-xrl2vpn-jesrU3fc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:41.382Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-13T18:14:49.794916Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:41.883Z"}}], "cna": {"source": {"defects": ["CSCwe29150"], "advisory": "cisco-sa-xrl2vpn-jesrU3fc", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XR Software", "versions": [{"status": "affected", "version": "6.5.2"}, {"status": "affected", "version": "6.5.3"}, {"status": "affected", "version": "6.6.2"}, {"status": "affected", "version": "6.6.3"}, {"status": "affected", "version": "6.6.25"}, {"status": "affected", "version": "7.0.1"}, {"status": "affected", "version": "7.0.2"}, {"status": "affected", "version": "7.1.1"}, {"status": "affected", "version": "7.1.15"}, {"status": "affected", "version": "7.1.2"}, {"status": "affected", "version": "7.1.3"}, {"status": "affected", "version": "6.7.1"}, {"status": "affected", "version": "6.7.2"}, {"status": "affected", "version": "6.7.3"}, {"status": "affected", "version": "7.3.1"}, {"status": "affected", "version": "7.3.2"}, {"status": "affected", "version": "7.3.3"}, {"status": "affected", "version": "7.3.5"}, {"status": "affected", "version": "7.4.1"}, {"status": "affected", "version": "7.4.2"}, {"status": "affected", "version": "6.8.1"}, {"status": "affected", "version": "6.8.2"}, {"status": "affected", "version": "7.5.1"}, {"status": "affected", "version": "7.5.3"}, {"status": "affected", "version": "7.5.2"}, {"status": "affected", "version": "7.5.4"}, {"status": "affected", "version": "7.5.5"}, {"status": "affected", "version": "7.6.1"}, {"status": "affected", "version": "7.6.2"}, {"status": "affected", "version": "7.7.1"}, {"status": "affected", "version": "7.7.2"}, {"status": "affected", "version": "6.9.1"}, {"status": "affected", "version": "6.9.2"}, {"status": "affected", "version": "7.8.1"}, {"status": "affected", "version": "7.8.2"}, {"status": "affected", "version": "7.9.1"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc", "name": "cisco-sa-xrl2vpn-jesrU3fc"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-03-13T16:46:24.113Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20318", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:41.382Z", "dateReserved": "2023-11-08T15:08:07.632Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-03-13T16:46:24.113Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en los servicios Ethernet de capa 2 del software Cisco IOS XR podr\u00eda permitir que un atacante adyacente no autenticado provoque que el procesador de red de la tarjeta de l\u00ednea se reinicie, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe al manejo incorrecto de tramas Ethernet espec\u00edficas que se reciben en tarjetas de l\u00ednea que tienen habilitada la funci\u00f3n de servicios de Capa 2. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tramas Ethernet espec\u00edficas a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el procesador de red de la interfaz de entrada se reinicie, lo que resultar\u00eda en una p\u00e9rdida de tr\u00e1fico en las interfaces admitidas por el procesador de red. M\u00faltiples reinicios del procesador de red provocar\u00edan que la tarjeta de l\u00ednea se reinicie, lo que resultar\u00eda en una condici\u00f3n DoS."}], "id": "CVE-2024-20318", "lastModified": "2024-03-13T18:15:58.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2024-03-13T17:15:47.813", "references": [{"source": "ykramarz@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object