{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T23:20:19.661","vulnerabilities":[{"cve":{"id":"CVE-2024-20390","sourceIdentifier":"psirt@cisco.com","published":"2024-09-11T17:15:12.613","lastModified":"2024-10-07T17:51:37.197","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.\r\n\r\nThis vulnerability is due to a lack of proper error validation of ingress XML packets. An attacker could exploit this vulnerability by sending a sustained, crafted stream of XML traffic to a targeted device. A successful exploit could allow the attacker to cause XML TCP port 38751 to become unreachable while the attack traffic persists."},{"lang":"es","value":"Una vulnerabilidad en la función Dedicated XML Agent del software Cisco IOS XR podría permitir que un atacante remoto no autenticado provoque una denegación de servicio (DoS) en el puerto de escucha XML TCP 38751. Esta vulnerabilidad se debe a la falta de una validación de errores adecuada de los paquetes XML de entrada. Un atacante podría aprovechar esta vulnerabilidad enviando un flujo continuo y elaborado de tráfico XML a un dispositivo de destino. Una explotación exitosa podría permitir al atacante hacer que el puerto XML TCP 38751 se vuelva inaccesible mientras persista el tráfico de ataque."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-940"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*","versionEndExcluding":"24.1.2","matchCriteriaId":"F6EADB55-720D-4DF2-A076-256FFCEB961D"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-xml-tcpdos-ZEXvrU2S","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}