CVE-2024-20311 — Uncontrolled Recursion in Cisco IOS XE Software

CWE-674 — Uncontrolled Recursion4 documents4 sources

Severity

7.5HIGHNVD

CNA8.6

EPSS

0.8%

top 25.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software Cisco IOS Cisco IOS XE

Timeline

PublishedMar 27

Description

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5cisco/cisco_ios_xe_software318 versions+317

▶CVEListV5cisco/ios390 versions+389

▶NVDcisco/ios390 versions+389

▶NVDcisco/ios_xe318 versions+317

🔴Vulnerability Details

GHSA

GHSA-6r9p-4766-xgg4: A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, r↗2024-03-27

▶

CVEList

CVE-2024-20311: A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, r↗2024-03-27

▶

📋Vendor Advisories

Cisco

Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability↗2024-03-27

▶