Cisco released patches on Wednesday to address multiple vulnerabilities in its IOS RX software, including three high-severity flaws that could lead to denial-of-service (DoS) attacks and privilege escalation.
The most critical of these high-severity vulnerabilities is CVE-2024-20320, which affects the SSH feature of IOS RX. This flaw could allow attackers to elevate their privileges to root by sending specially crafted SSH commands to the CLI. The vulnerability affects 8000 series routers and Network Convergence System (NCS) 540 series and 5700 series routers. Cisco addressed this issue with the release of IOS RX version 7.10.2, and users are advised to upgrade to this patched version if their devices are running older iterations of the operating system.
Another high-severity flaw, tracked as CVE-2024-20318, impacts line cards with the Layer 2 services feature enabled. Attackers could exploit this vulnerability to reset the line card's network processor by sending specific Ethernet frames through a vulnerable device, leading to a DoS condition. Cisco addressed this issue in IOS RX software releases 7.9.2 and 7.10.1, and also released software maintenance upgrades (SMUs) to resolve the bug.
Additionally, Cisco patched CVE-2024-20327, a high-severity DoS vulnerability affecting the PPPoE termination feature of ASR 9000 series routers. Improper handling of malformed PPPoE packets could crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic. This vulnerability impacts routers running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. IOS RX software releases 7.9.21, 7.10.1, and 7.11.1 contain patches for this flaw.
Cisco also addressed several medium-severity vulnerabilities in IOS XR software that could allow attackers to bypass protections, cause DoS conditions, or install unverified software images.
These vulnerabilities were addressed as part of Cisco’s March 2024 semiannual IOS RX security advisories bundle, which includes eight advisories. Cisco has not reported any exploitation of these vulnerabilities in the wild. Users can find additional information on Cisco’s security advisories page.