CVE-2024-20327: Cisco ASR 9000 PPPoE Termination DoS
CVE-2024-20327 Published on March 13, 2024
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.
Vulnerability Analysis
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2024-20327
- Cisco IOS XR
Affected Versions
Cisco IOS XR Software:
- Version 5.2.0 is affected.
- Version 5.2.2 is affected.
- Version 5.2.4 is affected.
- Version 5.3.0 is affected.
- Version 5.3.1 is affected.
- Version 5.3.2 is affected.
- Version 5.3.3 is affected.
- Version 5.3.4 is affected.
- Version 6.0.0 is affected.
- Version 6.0.1 is affected.
- Version 6.0.2 is affected.
- Version 6.1.1 is affected.
- Version 6.1.2 is affected.
- Version 6.1.3 is affected.
- Version 6.1.4 is affected.
- Version 6.2.1 is affected.
- Version 6.2.2 is affected.
- Version 6.2.3 is affected.
- Version 6.2.25 is affected.
- Version 6.3.2 is affected.
- Version 6.3.3 is affected.
- Version 6.4.1 is affected.
- Version 6.4.2 is affected.
- Version 6.5.1 is affected.
- Version 6.5.2 is affected.
- Version 6.5.3 is affected.
- Version 6.6.2 is affected.
- Version 6.6.3 is affected.
- Version 6.6.25 is affected.
- Version 7.0.1 is affected.
- Version 7.0.2 is affected.
- Version 7.1.1 is affected.
- Version 7.1.15 is affected.
- Version 7.1.2 is affected.
- Version 7.1.3 is affected.
- Version 6.7.1 is affected.
- Version 6.7.2 is affected.
- Version 6.7.3 is affected.
- Version 7.3.1 is affected.
- Version 7.3.2 is affected.
- Version 7.3.3 is affected.
- Version 7.3.5 is affected.
- Version 7.4.1 is affected.
- Version 7.4.2 is affected.
- Version 6.8.1 is affected.
- Version 6.8.2 is affected.
- Version 7.5.1 is affected.
- Version 7.5.3 is affected.
- Version 7.5.2 is affected.
- Version 7.5.4 is affected.
- Version 7.5.5 is affected.
- Version 7.6.1 is affected.
- Version 7.6.2 is affected.
- Version 7.7.1 is affected.
- Version 7.7.2 is affected.
- Version 6.9.1 is affected.
- Version 6.9.2 is affected.
- Version 7.8.1 is affected.
- Version 7.8.2 is affected.
- Version 7.9.1 is affected.
- Version 7.9.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.