CVE-2024-20433: Stack-based Buffer Overflow in Cisco IOS XE Software

Severity

NVD: 7.5 (HIGH)
CNA: 8.6

EPSS

1.1% (top 21.57%)

CISA KEV

Not in KEV

Exploit

No known exploits

Timeline

Published 2024-09-25

Description

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

This is the NVD vector: network-reachable, low attack complexity, no privileges or user interaction required, availability impact only, scope unchanged, which scores 7.5. The CNA score of 8.6 listed above is what the same metrics produce with Scope: Changed (S:C); the two sources differ only on scope.

Affected Packages (4)

Source    | Package                     | Versions
CVEListV5 | cisco/cisco_ios_xe_software | 397 versions
CVEListV5 | cisco/ios                   | 2037 versions
NVD       | cisco/ios                   | 2037 versions
NVD       | cisco/ios_xe                | 397 versions

Vulnerability Details (2)

GHSA: GHSA-fg4m-w584-q5x8, published 2024-09-25 (same description as above)
CVEList: CVE-2024-20433, published 2024-09-25 (same description as above)

Vendor Advisories (1)

Cisco: Cisco IOS and IOS XE Software Resource Reservation Protocol Denial of Service Vulnerability, published 2024-09-25
Source: cvebase