CVE-2024-20307
Published: Mar 27, 2024
Modified: Aug 1, 2024
CVSS v3.1
6.8
Description
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.
| Vendor | Product | Versions |
|---|---|---|
Cisco | IOS | affected 15.1(2)SG8affected 15.2(4)M11affected 15.1(2)SY8affected 15.1(2)SY9affected 15.1(2)SY10+142 more versions |
Cisco | Cisco IOS XE Software | affected 3.4.8SGaffected 3.10.8Saffected 3.10.8aSaffected 3.10.9Saffected 3.10.10S+213 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now