CVE-2024-20467Cisco IOS XE Software vulnerability

CWE-3994 documents4 sources
Severity
8.6HIGHNVD
EPSS
17.3%
top 4.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 25

Description

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software17.11.99SW, 17.12.1, 17.12.1a+2
NVDcisco/ios_xe17.11.99sw, 17.12.1, 17.12.1a+2

🔴Vulnerability Details

2
GHSA
GHSA-5q3p-266j-pj8x: A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attack2024-09-25
CVEList
CVE-2024-20467: A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attack2024-09-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability2024-09-25
CVE-2024-20467 — Cisco IOS XE Software vulnerability | cvebase