CVE-2024-20434Integer Overflow or Wraparound in Cisco IOS XE Software

CWE-190Integer Overflow or Wraparound4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 76.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 25

Description

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessi

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software91 versions+90
NVDcisco/ios_xe91 versions+90

🔴Vulnerability Details

2
CVEList
CVE-2024-20434: A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control2024-09-25
GHSA
GHSA-4g2v-4q6g-26v9: A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control2024-09-25

📋Vendor Advisories

1
Cisco
Cisco Catalyst 9000 Series Switches Denial of Service Vulnerability2024-09-25
CVE-2024-20434 — Integer Overflow or Wraparound | cvebase