CVE-2024-20259Heap-based Buffer Overflow in Cisco IOS XE Software

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.4%
top 40.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 27

Description

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software80 versions+79
NVDcisco/ios_xe80 versions+79

🔴Vulnerability Details

2
GHSA
GHSA-3rfg-x7h2-v33m: A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to r2024-03-27
CVEList
CVE-2024-20259: A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to r2024-03-27

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software DHCP Snooping with Endpoint Analytics Denial of Service Vulnerability2024-03-27
CVE-2024-20259 — Heap-based Buffer Overflow in Cisco | cvebase