CVE-2024-20390

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 11, 2024
Updated: Sep 12, 2024
CWE ID 940

Summary

CVE-2024-20390 is a vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP port 38751. The issue arises from inadequate error validation of incoming XML packets: by sending a continuous stream of crafted XML traffic, an attacker can disrupt the availability of the targeted device. Affected products include various Cisco routers running IOS XR Software, and exploitation requires no user interaction or privileges. To remediate this vulnerability, organizations should apply the latest patches and updates provided by Cisco as specified in its security advisory. If left unaddressed, this vulnerability poses a medium-severity risk to organizations by compromising device availability and network performance.
