Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-20406

Опубликовано: 11 сент. 2024
Источник: nvd
CVSS3: 7.4
EPSS Низкий

Описание

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or mu

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 6.8.1 (включая) до 7.0.0 (исключая)
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Версия от 7.4.1 (включая) до 7.11.2 (исключая)

EPSS

Процентиль: 34%
0.0014
Низкий

7.4 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-7474-cqc3-4g2p

CVSS3: 7.4
github
больше 1 года назад

A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or mu...

fstec логотип

BDU:2025-00915

CVSS3: 7.4
fstec
больше 1 года назад

Уязвимость компонента System-to-Intermediate System Protocol Handler программного обеспечения Cisco IOS XR, позволяющая нарушителю вызвать отказ в обслуживании (DoS)

EPSS

Процентиль: 34%
0.0014
Низкий

7.4 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo