Description

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists.

INFO

Published Date :

2024-09-11T16:38:15.320Z

Last Modified :

2024-09-11T20:53:46.046Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20390 vulnerability.

Vendors Products
Cisco
  • Ios Xr
  • Ios Xr Software
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20390.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact