

Ivanti Alerts of Active Vulnerability Exploitation of Recently Patched Cloud Appliance
September 16, 2024
Multiple Microsoft Products Vulnerabilities
September 16, 2024
Severity
Medium
Analysis Summary
CVE-2024-20343 CVSS:5.5
Cisco IOS XR Software could allow a local authenticated attacker to obtain sensitive information, caused by improper validation of the arguments that are passed to a specific CLI command. By sending a specially crafted command, an attacker could exploit this vulnerability to access files in read-only mode on the Linux file system, and use this information to launch further attacks against the affected system.
CVE-2024-20390 CVSS:5.3
Cisco IOS XR Software is vulnerable to a denial of service, caused by improper error validation of ingress XML packets. By sending a specially crafted stream of XML traffic, a remote attacker could exploit this vulnerability to cause XML TCP port 38751 to become unreachable.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-20343
- CVE-2024-20390
Affected Vendors
Affected Products
- Cisco IOS XR Software
- Cisco IOS XR 64-Bit Software
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.