CVE-2024-20406
Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
Severity Score
7.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending specific IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process on all affected devices that are participating in the Flexible Algorithm to crash and restart, resulting in a DoS condition.
Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. This vulnerability affects segment routing for IS-IS over IPv4 and IPv6 control planes as well as devices that are configured as level 1, level 2, or multi-level routing IS-IS type.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-08 CVE Reserved
- 2024-09-11 CVE Published
- 2024-09-11 CVE Updated
- 2024-10-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.4.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.4.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 6.8.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "6.8.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.4.15 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.4.15" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.5.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.5.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.4.16 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.4.16" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.6.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.6.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.5.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.5.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.8.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.8.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.6.15 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.6.15" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.5.12 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.5.12" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.7.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.7.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 6.8.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "6.8.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.4.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.4.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 6.9.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "6.9.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.6.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.6.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.5.3 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.5.3" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.7.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.7.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 6.9.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "6.9.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.9.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.9.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.10.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.10.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.8.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.8.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.5.4 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.5.4" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.8.22 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.8.22" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.7.21 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.7.21" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.9.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.9.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.5.5 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.5.5" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.11.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.11.1" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.9.21 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.9.21" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.10.2 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.10.2" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software" | 7.6.3 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "7.6.3" | en |
Affected
| ||||||