Cisco IOS XR Software Vulnerability Could Lead to Denial of Service on XML TCP Port 38751
CVE-2024-20390
5.3MEDIUM
Key Information
- Vendor
- Cisco
- Status
- Cisco iOS Xr Software
- Vendor
- CVE Published:
- 11 September 2024
Badges
👾 Exploit Exists
Summary
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists.
Affected Version(s)
Cisco IOS XR Software = 6.5.3
Cisco IOS XR Software = 6.5.29
Cisco IOS XR Software = 6.5.1
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
- 👾
Exploit exists.
Collectors
NVD DatabaseMitre Database