Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Cisco Releases Updates for IOS XR Software

September 11, 2024
Reading Time: 2 mins read
in Alerts

Cisco released security updates on September 11, 2024, addressing several vulnerabilities in its IOS XR software. These vulnerabilities were identified through Cisco’s semiannual security advisory publication, which is typically released in March and September. The September 2024 advisory includes seven security advisories that detail eight vulnerabilities, all of which could potentially be exploited by cyber threat actors. Exploiting these flaws could allow attackers to gain control over affected systems or disrupt their operations. Cisco strongly advises users and administrators to review these advisories and apply the necessary software updates.

Among the vulnerabilities highlighted, CVE-2024-20398 is a high-severity privilege escalation issue in the Cisco IOS XR Software CLI, with a CVSS base score of 8.8. This flaw could allow an authenticated attacker to escalate their privileges and gain unauthorized access to sensitive system functions. Another significant vulnerability, CVE-2024-20304, involves memory exhaustion in UDP packets, which could lead to a denial of service (DoS) by consuming excessive system resources. This vulnerability has a CVSS base score of 8.6, underscoring its criticality.

The advisory also covers vulnerabilities in the Cisco Routed Passive Optical Network (PON) Controller, identified as CVE-2024-20483 and CVE-2024-20489, both of which have a CVSS score of 8.4. These vulnerabilities could allow remote attackers to execute arbitrary code or cause a DoS. Additionally, Cisco IOS XR software suffers from a vulnerability in its Network Convergence System (CVE-2024-20317) that could result in a high-severity denial of service. Another issue, CVE-2024-20406, affects the Segment Routing for Intermediate System-to-Intermediate System protocol, which could also lead to a DoS attack.

Two other vulnerabilities identified in the advisory, CVE-2024-20343 and CVE-2024-20390, have lower severity ratings but still pose significant risks. CVE-2024-20343 allows for arbitrary file reading in the CLI, while CVE-2024-20390 affects the Dedicated XML Agent TCP, enabling potential DoS attacks. Both vulnerabilities are classified as medium severity with CVSS scores of 5.5 and 5.3, respectively. Cisco urges all users of affected Cisco IOS XR software versions to implement the necessary updates to mitigate these vulnerabilities and ensure the security of their networks.

 

Reference:

  • Cisco Event Response: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication

Tags: CiscoCyber AlertsCyber Alerts 2024Cyber threatsIOS XR softwareSeptember 2024Vulnerabilities
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial