Cisco IOS XE Software Vulnerability Could Lead to Unauthorized Reload and Denial of Service

CVE-2024-20313

7.4HIGH

Key Information

Vendor: Cisco
Status: Cisco iOS Xe Software
Vendor: CVE Published:; 24 April 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Affected Version(s)

Cisco IOS XE Software = 17.5.1

Cisco IOS XE Software = 17.5.1a

Cisco IOS XE Software = 17.6.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 9, 2024
Vulnerability published
Apr 24, 2024
Vulnerability Reserved
Nov 8, 2023

Collectors

NVD DatabaseMitre Database