How severe is CVE-2024-20317?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2024-20317?

This is classified as CWE-684, which is a common weakness in software security.

CVE-2024-20317 - HIGH Severity | CVSS 7.4

Vulnerability Description

A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect classification of certain types of Ethernet frames that are received on an interface. An attacker could exploit this vulnerability by sending specific types of Ethernet frames to or through the affected device. A successful exploit could allow the attacker to cause control plane protocol relationships to fail, resulting in a DoS condition. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2023-5363

HIGH

CVSS:7.5(High)

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ...

CWE-6842023

CVE-2023-4258

MEDIUM

CVSS:6.5(Medium)

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.

CWE-6842023

CVE-2024-6502

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to...

CWE-6842024

CVE-2022-23728

MEDIUM

CVSS:6.1(Medium)

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.

CWE-6842022

CVE-2024-6425

CRITICAL

CVSS:9.1(Critical)

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/...

CWE-6842024

CVE-2023-5158

MEDIUM

CVSS:5.5(Medium)

A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length...

CWE-6842023