Cisco IOS XR XML Agent DoS Vulnerability (CSCw39201) Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability - Vulnerability ID: CSCw39201 - Vulnerability Type: Denial of Service (DoS) - Impact: XML TCP listen port 38751 - Cause: Lack of proper error validation for XML packets 2. Affected Products: - Affected Product: Cisco IOS XR Software - Affected Versions: 7.11 and earlier versions 3. Remediation: - Published Fix: Cisco has released software updates to address this vulnerability. - Workaround: No workaround available. 4. Affected Product List: - Affected Products: Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software 5. Affected Software Versions: - Affected Software Versions: 7.11.2 6. Affected Platforms: - Affected Platforms: IOSXRWB, NCS5500 7. Affected SMUs: - Affected SMUs: iosxrwb-7.11.2.CSCw39201, ncs5500-7.11.2.CSCw39201 8. Affected Date: - Affected Date: September 11, 2024 9. Vulnerability Rating: - Rating: Medium 10. Exploitation and Public Announcements: - Exploitation: Cisco PSIRT is not aware of any public announcements or malicious exploitation. - Public Announcements: None 11. Source: - Source: The vulnerability was discovered during the resolution of a Cisco TAC support case. 12. Revision History: - Revision History: Version 1.0, initial public release, status: Final, date: September 11, 2024. This information helps users understand the detailed nature of the vulnerability, affected products and versions, remediation steps, and the date of impact.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco IOS XR XML Agent DoS Vulnerability (CSCw39201) Advisory