Cisco IOS and IOS XE Vulnerability: Heap Underflow Due to IKEv1 Fragmentation Code Flaw
CVE-2024-20308

8.6HIGH

Key Information:

Vendor
Cisco
Status
iOS
Cisco iOS Xe Software
Vendor
CVE Published:
27 March 2024

Badges

👾 Exploit Exists

Summary

A security flaw has been identified in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software that allows an unauthenticated, remote attacker to exploit the affected device. The vulnerability arises from a failure to properly reassemble crafted, fragmented IKEv1 packets, which could lead to a heap underflow condition. An attacker can exploit this issue by sending specifically crafted UDP packets to the affected system. Successful exploitation may cause the device to reload, thus resulting in a denial of service (DoS) condition. The vulnerability is applicable to both IPv4 and IPv6 traffic, which means that only traffic directed at the affected system is capable of triggering the flaw.

Affected Version(s)

Cisco IOS XE Software 3.7.0S

Cisco IOS XE Software 3.7.1S

Cisco IOS XE Software 3.7.2S

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.