A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.
This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists.
History
Mon, 07 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Cisco ios Xr | |
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:* | |
Vendors & Products | Cisco ios Xr | |
Wed, 11 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Cisco, Cisco ios Xr Software | |
CPEs | cpe:2.3:o:cisco:ios_xr_software:-:*:*:*:*:*:*:* | |
Vendors & Products | Cisco, Cisco ios Xr Software | |
Metrics | ssvc | |
Wed, 11 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists. | |
Title | Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability | |
Weaknesses | CWE-940 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-09-11T16:38:15.320Z
Updated: 2024-09-11T20:53:46.046Z
Reserved: 2023-11-08T15:08:07.659Z
Link: CVE-2024-20390
Vulnrichment
Updated: 2024-09-11T20:52:56.359Z
NVD
Status: Analyzed
Published: 2024-09-11T17:15:12.613
Modified: 2024-10-07T17:51:37.197
Link: CVE-2024-20390
Redhat
No data.