

Rewterz Threat Alert – New DarkGate Malware Campaign Exploits Windows SmartScreen Vulnerability to Bypass Security – Active IOCs
March 14, 2024
Rewterz Threat Advisory – Multiple Adobe Experience Manager Vulnerabilities
March 14, 2024
Severity
Medium
Analysis Summary
CVE-2024-20318 CVSS:7.4
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper handling of specific Ethernet frames received on line cards. By sending specially crafted Ethernet frames, a remote attacker could exploit this vulnerability to cause the line card to reset, resulting in a denial of service condition.
CVE-2024-20320 CVSS:7.8
Cisco IOS XR Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper validation of arguments in the SSH client CLI command. By sending a specially crafted SSH client command, an authenticated attacker could exploit this vulnerability to elevate privileges to root on the device.
CVE-2024-20327 CVSS:7.4
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper handling of malformed PPPoE packets. By sending a specially crafted PPPoE packet, a remote attacker could exploit this vulnerability to crash the ppp_ma process, resulting in a denial of service condition.
CVE-2024-20319 CVSS:4.3
Cisco IOS XR Software could allow a remote attacker to bypass security restrictions, caused by incorrect UDP forwarding programming when using SNMP with management plane protection. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass configured management plane protection policies and access the Simple Network Management Protocol (SNMP) server.
CVE-2024-20262 CVSS:6.5
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper validation of SCP and SFTP CLI input parameters. By sending specially crafted SCP or SFTP CLI commands, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-20266 CVSS:5.3
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper validation of certain DHCPv4 messages. By sending a specially crafted DHCPv4 message, a remote attacker could exploit this vulnerability to crash the dhcpd process.
CVE-2024-20322 CVSS:5.8
Cisco IOS XR Software could allow a remote attacker to bypass security restrictions, caused by improper assignment of lookup keys to internal interface contexts. By sending a specially crafted request, an attacker could exploit this vulnerability to access resources protected by a configured ACL.
CVE-2024-20315 CVSS:5.8
Cisco IOS XR Software could allow a remote attacker to bypass security restrictions, caused by improper assignment of lookup keys to internal interface contexts. By sending a specially crafted request, an attacker could exploit this vulnerability to access resources protected by a configured ACL.
Impact
- Denial of Service
- Security Bypass
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-20318
- CVE-2024-20320
- CVE-2024-20327
- CVE-2024-20319
- CVE-2024-20262
- CVE-2024-20266
- CVE-2024-20322
- CVE-2024-20315
Affected Vendors
Cisco
Affected Products
- Cisco Network Convergence System (NCS) 540 Series Routers
- Cisco ASR 9000 Series Aggregation Services Routers
- Cisco IOS XRv 9000 Routers
- Cisco ASR 9902 Compact High-Performance Routers
- Cisco ASR 9903 Compact High-Performance Routers
- Cisco IOS XR White box
- Cisco IOS XR (64-Bit) Software
- Cisco IOS XRd vRouter
- Cisco IOS XR
- Cisco NCS 5700 Series Routers
- Cisco NCS 540 Series Routers
- Cisco IOS XRd Control Plane
- Cisco NCS 560 Series Routers
- Cisco NCS 5500 Series Routers
- Cisco 8000 Series Routers
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.