CVE-2024-20327

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (affected versions not specified)

Description A vulnerability in the PPP over Ethernet (PPPoE) termination feature could allow an unauthenticated, adjacent attacker to crash the ppp ma process, resulting in a denial of service (DoS) condition. This issue is due to the improper handling of malformed PPPoE packets received on a router running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.