CVE-2024-20318

A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.

Severity	HIGH
CVSS	7.4
CWE	CWE-20
KEV
Published	2 years ago
Modified	1 month ago

Related Products

Product	Advisory
Cisco RV Series Routers	cisco-sa-xrl2vpn-jesrU3fc
Cisco Nexus Dashboard	cisco-sa-xrl2vpn-jesrU3fc
Cisco IOS Software	cisco-sa-xrl2vpn-jesrU3fc
Cisco Catalyst PON Series Switches	cisco-sa-xrl2vpn-jesrU3fc
Cisco Application Centric Infrastructure Virtual Edge	cisco-sa-xrl2vpn-jesrU3fc
Cisco IOS XR Software	cisco-sa-xrl2vpn-jesrU3fc
Cisco IOS	cisco-sa-xrl2vpn-jesrU3fc