Cisco IOS XE Software Vulnerability Could Lead to Denial of Service
CVE-2024-20436

7.5HIGH

Key Information:

Vendor: Cisco
Status: iOS Xe
Vendor: CVE Published:; 25 September 2024

Summary

The vulnerability exists in the HTTP Server feature of Cisco IOS XE Software specifically when the Telephony Service feature is enabled. This issue allows an unauthenticated remote attacker to exploit a null pointer dereference by sending specially crafted HTTP traffic to an affected device. A successful attack can lead to the device reloading, effectively causing a denial of service condition that disrupts normal functionality. It is crucial to address this vulnerability to maintain system integrity and availability.

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024