=====================================================================

                                 CERT-Renater

                       Information Note No. 2024/VULN123
_____________________________________________________________________

DATE                : 14/03/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS XR Software versions prior to 7.9.2,
                     7.10.1.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2024-March-13.

The following PSIRT security advisories (3 High, 5 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco IOS XR Software SSH Privilege Escalation Vulnerability - SIR:
High

2) Cisco IOS XR Software for ASR 9000 Series Aggregation Services
Routers PPPoE Denial of Service Vulnerability - SIR: High

3) Cisco IOS XR Software Layer 2 Services Denial of Service
Vulnerability - SIR: High

4) Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and
SFTP Denial of Service Vulnerability - SIR: Medium

5) Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability - SIR:
Medium

6) Cisco IOS XR Software MPLS and Pseudowire Interfaces Access
Control List Bypass Vulnerabilities - SIR: Medium

7) Cisco IOS XR Software DHCP Version 4 Server Denial of Service
Vulnerability - SIR: Medium

8) Cisco IOS XR Software SNMP Management Plane Protection ACL
Bypass Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco IOS XR Software SSH Privilege Escalation Vulnerability

CVE-2024-20320

SIR: High

CVSS Score v(3.1): 7.8

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3 

+--------------------------------------------------------------------

2) Cisco IOS XR Software for ASR 9000 Series Aggregation Services
Routers PPPoE Denial of Service Vulnerability

CVE-2024-20327

SIR: High

CVSS Score v(3.1): 7.4

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pppma-JKWFgneW 

+--------------------------------------------------------------------

3) Cisco IOS XR Software Layer 2 Services Denial of Service
Vulnerability

CVE-2024-20318

SIR: High

CVSS Score v(3.1): 7.4

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc 

+--------------------------------------------------------------------

4) Cisco IOS XR Software Authenticated CLI Secure Copy Protocol
and SFTP Denial of Service Vulnerability

CVE-2024-20262

SIR: Medium

CVSS Score v(3.1): 6.5

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw 

+--------------------------------------------------------------------

5) Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability

CVE-2023-20236

SIR: Medium

CVSS Score v(3.1): 6.7

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB 

+--------------------------------------------------------------------

6) Cisco IOS XR Software MPLS and Pseudowire Interfaces Access
Control List Bypass Vulnerabilities

CVE-2024-20315, CVE-2024-20322

SIR: Medium

CVSS Score v(3.1): 5.8

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e 

+--------------------------------------------------------------------

7) Cisco IOS XR Software DHCP Version 4 Server Denial of Service
Vulnerability

CVE-2024-20266

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm 

+--------------------------------------------------------------------

8) Cisco IOS XR Software SNMP Management Plane Protection ACL
Bypass Vulnerability

CVE-2024-20319

SIR: Medium

CVSS Score v(3.1): 4.3

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF 


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
