CVE-2024-20480Operator Precedence Logic Error in Cisco IOS XE Software

CWE-783Operator Precedence Logic ErrorCWE-670Always-Incorrect Control Flow ImplementationCWE-20Improper Input Validation5 documents5 sources
Severity
8.6HIGHNVD
EPSS
1.2%
top 21.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 25
Latest updateJan 11

Description

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A succe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software205 versions+204
NVDcisco/ios_xe205 versions+204

🔴Vulnerability Details

2
CVEList
CVE-2024-20480: A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthen2024-09-25
GHSA
GHSA-2g8x-wxp8-jhpg: A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthen2024-09-25

📋Vendor Advisories

2
Red Hat
kernel: ALSA: memalloc: prefer dma_mapping_error() over explicit address checking2025-01-11
Cisco
Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability2024-09-25
CVE-2024-20480 — Operator Precedence Logic Error | cvebase