CVE-2024-20308
Published: Mar 27, 2024
Modified: Nov 26, 2024
CVSS v3.1
8.6
Description
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic..
| Vendor | Product | Versions |
|---|---|---|
Cisco | IOS | affected 12.4(24)Taffected 12.4(24)T3affected 12.4(22)T1affected 12.4(24)T5affected 12.4(24)T4+626 more versions |
Cisco | Cisco IOS XE Software | affected 3.7.0Saffected 3.7.1Saffected 3.7.2Saffected 3.7.3Saffected 3.7.4S+376 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now