CVE-2024-20314Operator Precedence Logic Error in Cisco IOS XE Software

CWE-783Operator Precedence Logic Error4 documents4 sources
Severity
7.5HIGHNVD
CNA8.6
EPSS
0.8%
top 25.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 27

Description

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software186 versions+185
NVDcisco/ios_xe186 versions+185

🔴Vulnerability Details

2
CVEList
CVE-2024-20314: A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remo2024-03-27
GHSA
GHSA-xhrx-9p3c-7wxw: A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remo2024-03-27

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability2024-03-27
CVE-2024-20314 — Operator Precedence Logic Error | cvebase