Cisco IOS XR Software Vulnerability Could Lead to Denial of Service
CVE-2024-20406

7.4HIGH

Key Information:

Vendor
Cisco
Status
Cisco iOS Xr Software
Vendor
CVE Published:
11 September 2024

Summary

The vulnerability in the segment routing feature of the Intermediate System-to-Intermediate System (IS-IS) protocol within Cisco IOS XR Software allows unauthenticated, adjacent attackers to engineer a denial of service (DoS) condition by exploiting insufficient input validation. By sending specially crafted IS-IS packets to an affected device after establishing an adjacency, an attacker can trigger a crash and subsequent restart of the IS-IS process across all devices involved in the Flexible Algorithm. This affects IS-IS operations over both IPv4 and IPv6 control planes, as well as devices configured for various routing levels. Ensuring proper network security measures are in place is essential to mitigate the risk associated with this vulnerability.

Affected Version(s)

Cisco IOS XR Software 7.4.1

Cisco IOS XR Software 6.8.1

Cisco IOS XR Software 7.4.15

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.