CVE-2024-20496Out-of-bounds Write in Cisco Sd-wan Vedge Cloud

CWE-787Out-of-bounds Write4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 82.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan Vedge CloudCisco Sd-wan Vedge Router
Timeline
PublishedSep 25

Description

A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to rebo

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 1.6 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_sd-wan_vedge_cloud77 versions+76
CVEListV5cisco/cisco_sd-wan_vedge_router81 versions+80

🔴Vulnerability Details

2
GHSA
GHSA-3phf-8x93-jmv2: A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial o2024-09-25
CVEList
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability2024-09-25

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vEdge Software UDP Packet Validation Denial of Service Vulnerability2024-09-25
CVE-2024-20496 — Out-of-bounds Write in Cisco | cvebase