Cisco Event Response Page
Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication
-
Cisco released its semiannual Cisco IOS XR Software Security Advisory Bundled Publication on March 13, 2024. In direct response to customer feedback, Cisco releases bundles of Cisco IOS XR Software Security Advisories on the second Wednesday of the month in March and September of each calendar year.
The March 13, 2024, release of the Cisco IOS XR Software Security Advisory Bundled Publication includes eight Cisco Security Advisories that describe nine vulnerabilities in Cisco IOS XR Software. Cisco has released software updates that address these vulnerabilities.
-
The following table identifies Cisco Security content that is associated with this bundled publication:
Cisco Security Advisory CVE ID Security Impact Rating CVSS Base Score Cisco IOS XR Software SSH Privilege Escalation Vulnerability CVE-2024-20320High7.8Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability CVE-2024-20327High7.4Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability CVE-2024-20318High7.4Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability CVE-2023-20236Medium6.7Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability CVE-2024-20262Medium6.5Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities CVE-2024-20315CVE-2024-20322Medium5.8Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability CVE-2024-20266Medium5.3Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability CVE-2024-20319Medium4.3Related Resources
Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A