Cisco addressed multiple vulnerabilities in IOS XR software, including three high-severity issues that can be exploited to elevate privileges and trigger a denial-of-service (DoS) condition.
The vulnerability CVE-2024-20320 is a Cisco IOS XR Software SSH privilege escalation vulnerability. The issue resides in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers. An authenticated, local attacker can exploit the vulnerability to elevate privileges on an affected device.
“This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device,” reads the advisory.
The second high-severity vulnerability fixed by the tech giant, tracked as CVE-2024-20318, resides in the Layer 2 Ethernet services of Cisco IOS XR Software. An unauthenticated, adjacent attacker can trigger the flaw to cause the line card network processor to reset, resulting in a denial of service (DoS) condition.
“This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device,” reads the advisory. “A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.”
The third high-severity vulnerability, tracked as CVE-2024-20327, is a DoS vulnerability in the PPP over Ethernet (PPPoE) termination feature of ASR 9000 series routers.
An unauthenticated, adjacent attacker can trigger the flaw to crash the ppp_ma process, resulting in a denial of service (DoS) condition.
“This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router,” reads the advisory.
The company's PSIRT is not aware of attacks in the wild exploiting the above issues.
(SecurityAffairs – hacking, DoS)