How severe is CVE-2024-20390?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-20390?

This is classified as CWE-940, which is a common weakness in software security.

CVE-2024-20390 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751. This vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists.

Related Vulnerabilities

CVE-2024-36506

MEDIUM

CVSS:5.3(Medium)

An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to by...

CWE-9402024

CVE-2024-37664

MEDIUM

CVSS:5.2(Medium)

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sen...

CWE-9402024

CVE-2021-41038

MEDIUM

CVSS:6.1(Medium)

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().

CWE-9402021

CVE-2024-49579

MEDIUM

CVSS:6.1(Medium)

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests

CWE-9402024

CVE-2024-0009

MEDIUM

CVSS:6.3(Medium)

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an...

CWE-9402024

CVE-2024-37662

MEDIUM

CVSS:6.3(Medium)

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by se...

CWE-9402024