
Cisco Patches High-Severity Vulnerabilities in Network Operating System

Cisco has announced security updates that patch eight vulnerabilities in IOS XR software, including six high-severity bugs.

Cisco on Wednesday announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs.

The most severe of the flaws is CVE-2024-20398 (CVSS score of 8.8), caused by insufficient validation of the user-supplied arguments that IOS XR passes to specific CLI commands.

“An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root,” Cisco explains.

Next in line is CVE-2024-20304 (CVSS score of 8.6), a bug impacting the Mtrace2 feature of IOS XR that could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition.

“This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device,” the tech company explains.

Cisco also warned of two high-severity flaws in the Routed Passive Optical Network (PON) controller software, which runs as a Docker container on devices running IOS XR. Both are command injection bugs that could allow an authenticated attacker to execute commands as root or to retrieve MongoDB credentials.


The two bugs, tracked as CVE-2024-20483 and CVE-2024-20489, impact NCS 540, NCS 5500, and NCS 5700 routers, and will be resolved with future updates, Cisco says.

Also on Wednesday, Cisco announced fixes for two other high-severity DoS flaws in its network OS: one in the handling of specific Ethernet frames and another in the segment routing feature for the IS-IS routing protocol.

Fixes were also announced for two medium-severity bugs in IOS XR that could allow attackers to read files from the underlying Linux operating system, or cause a DoS condition on XML TCP listen port 38751.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found in the company’s semiannual IOS XR software security advisory.
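Because the fixes are spread across release trains and are listed only in the semiannual advisory, the first step for an operator is to compare the running IOS XR version against the first-fixed release for its train. The following is an added example (not Cisco tooling and not code from the article) that parses the banner line of `show version` output and does that comparison numerically rather than as strings, which matters for version numbers such as 7.10.1 versus 7.9.2. The `show version` text is constructed, and the fixed-release table is a placeholder: the article does not give fixed versions, so the real values must be taken from the Cisco advisory for each CVE.

```python
"""Triage helper for the IOS XR advisories: parse the running version from
`show version` and compare it with the first-fixed release for its train.

Added example, not Cisco's own tooling. PLACEHOLDER_FIXED holds made-up
numbers; replace them with the first-fixed releases from Cisco's advisory."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Constructed `show version` output in the IOS XR 64-bit banner format; the
# parser keys on the "Cisco IOS XR Software, Version X.Y.Z" line only.
SAMPLE_SHOW_VERSION = """\
Cisco IOS XR Software, Version 7.10.1
Copyright (c) 2013-2023 by Cisco Systems, Inc.

Build Information:
 Built By     : builder
 Built On     : Mon Jun 12 10:00:00 PDT 2023
 Label        : 7.10.1
"""

# PLACEHOLDER first-fixed releases keyed by release train ("major.minor").
# These are assumptions for the example, not values from the advisory.
PLACEHOLDER_FIXED: Dict[str, Version] = {
    "7.9": (7, 9, 3),
    "7.10": (7, 10, 2),
    "7.11": (7, 11, 1),
}

_BANNER = re.compile(r"^Cisco IOS XR Software, Version (\d+(?:\.\d+)+)", re.M)


def parse_version(show_version_text: str) -> Optional[Version]:
    """Return the version as a tuple of ints ('7.10.1' -> (7, 10, 1))."""
    m = _BANNER.search(show_version_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def train_of(v: Version) -> str:
    """Release train is the first two components, e.g. (7, 10, 1) -> '7.10'."""
    return f"{v[0]}.{v[1]}"


def is_at_or_above(running: Version, fixed: Version) -> bool:
    """Numeric, component-wise comparison; shorter tuples are zero-padded
    so (7, 10) compares equal to (7, 10, 0)."""
    n = max(len(running), len(fixed))
    a = running + (0,) * (n - len(running))
    b = fixed + (0,) * (n - len(fixed))
    return a >= b


def triage(show_version_text: str, fixed_by_train: Dict[str, Version]) -> dict:
    """Classify a device as 'fixed', 'vulnerable' or 'unknown'.

    A train missing from the table is reported as unknown rather than fixed,
    so the conservative outcome is to go and check the advisory."""
    running = parse_version(show_version_text)
    if running is None:
        return {"status": "unknown", "reason": "no IOS XR banner found"}
    train = train_of(running)
    fixed = fixed_by_train.get(train)
    if fixed is None:
        return {"status": "unknown", "version": running,
                "reason": f"train {train} not in fixed-release table"}
    status = "fixed" if is_at_or_above(running, fixed) else "vulnerable"
    return {"status": status, "version": running, "train": train,
            "first_fixed": fixed}


if __name__ == "__main__":
    print(triage(SAMPLE_SHOW_VERSION, PLACEHOLDER_FIXED))
```

Feed it the captured output of `show version` from each router (for example, collected over SSH by whatever inventory tooling is already in place) and a table built from the advisory's first-fixed releases; anything reported as unknown needs a manual look rather than being counted as patched.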


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
