Cisco IOS XE Software vulnerabilities
238 known vulnerabilities affecting cisco/cisco_ios_xe_software.
Total CVEs: 238
CISA KEV: 6 (actively exploited)
Public exploits: 4
Exploited in wild: 6
Severity breakdown: CRITICAL 10, HIGH 136, MEDIUM 92
Vulnerabilities
Page 4 of 12
CVE-2024-20433 | HIGH | CVSS 7.5 | CWE-121 | Date: 2024-09-25
Affected versions: v3.7.0S, v3.7.1S, +395 more
Sources: cvelistv5, nvd
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An
CVE-2024-20464 | HIGH | CVSS 8.6 | CWE-20 | Date: 2024-09-25
Affected versions: v17.13.1, v17.13.1a
Sources: cvelistv5, nvd
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a cr
CVE-2024-20437 | HIGH | CVSS 8.8 | CWE-352 | Date: 2024-09-25
Affected versions: v17.3.2, v17.3.3, +64 more
Sources: cvelistv5, nvd
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected devi
CVE-2024-20467 | HIGH | CVSS 8.6 | CWE-399 | Date: 2024-09-25
Affected versions: v17.12.1, v17.12.1a, +1 more
Sources: cvelistv5, nvd
A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerabili
CVE-2024-20434 | MEDIUM | CVSS 4.3 | CWE-190 | Date: 2024-09-25
Affected versions: v16.6.1, v16.6.2, +89 more
Sources: cvelistv5, nvd
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device.
This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected de
CVE-2024-20414 | MEDIUM | CVSS 6.5 | CWE-285 | Date: 2024-09-25
Affected versions: v3.2.0SG, v3.2.1SG, +429 more
Sources: cvelistv5, nvd
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI.
This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could e
CVE-2024-20313 | HIGH | CVSS 7.4 | CWE-120 | Date: 2024-04-24
Affected versions: v17.5.1, v17.5.1a, +36 more
Sources: cvelistv5, nvd
A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploi
CVE-2024-20310 | MEDIUM | CVSS 6.1 | CWE-23 | Date: 2024-04-03
Affected versions: N/A
Sources: cvelistv5, nvd
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
This vulnerability exists because the web-based management interface does not properly
CVE-2024-20259 | HIGH | CVSS 8.6 | CWE-122 | Date: 2024-03-27
Affected versions: v17.1.1, v17.1.1a, +78 more
Sources: cvelistv5, nvd
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker cou
CVE-2024-20303 | HIGH | CVSS 7.4 | CWE-459 | Date: 2024-03-27
Affected versions: v17.2.1, v17.2.1r, +66 more
Sources: cvelistv5, nvd
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to t
CVE-2024-20307 | HIGH | CVSS 7.5 | CWE-121 | Date: 2024-03-27
Affected versions: v3.4.8SG, v3.10.8S, +216 more
Sources: cvelistv5, nvd
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading.
This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerabili
CVE-2024-20312 | HIGH | CVSS 7.4 | CWE-476 | Date: 2024-03-27
Affected versions: v3.7.0S, v3.7.1S, +383 more
Sources: cvelistv5, nvd
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An atta
CVE-2024-20311 | HIGH | CVSS 7.5 | CWE-674 | Date: 2024-03-27
Affected versions: v3.7.0S, v3.7.1S, +316 more
Sources: cvelistv5, nvd
A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this vulnerability by sending a crafted LISP packet to
CVE-2024-20308 | HIGH | CVSS 7.5 | CWE-787 | Date: 2024-03-27
Affected versions: v3.7.0S, v3.7.1S, +379 more
Sources: cvelistv5, nvd
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading.
This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerabil
CVE-2024-20314 | HIGH | CVSS 7.5 | CWE-783 | Date: 2024-03-27
Affected versions: v16.1.1, v16.1.2, +184 more
Sources: cvelistv5, nvd
A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of certai
CVE-2024-20306 | MEDIUM | CVSS 6.7 | CWE-233 | Date: 2024-03-27
Affected versions: v17.10.1, v17.10.1a, +7 more
Sources: cvelistv5, nvd
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device.
This vulnerability is due to insuff
CVE-2024-20309 | MEDIUM | CVSS 5.5 | CWE-828 | Date: 2024-03-27
Affected versions: v3.7.0S, v3.7.1S, +341 more
Sources: cvelistv5, nvd
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.
This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit
CVE-2024-20316 | MEDIUM | CVSS 5.3 | CWE-390 | Date: 2024-03-27
Affected versions: v16.3.1, v16.3.2, +158 more
Sources: cvelistv5, nvd
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).
This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator
CVE-2024-20324 | MEDIUM | CVSS 5.5 | CWE-274 | Date: 2024-03-27
Affected versions: v16.10.1, v16.10.1s, +58 more
Sources: cvelistv5, nvd
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.
This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration d
CVE-2024-20278 | MEDIUM | CVSS 6.5 | CWE-184 | Date: 2024-03-27
Affected versions: v17.6.1, v17.6.2, +41 more
Sources: cvelistv5, nvd
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A success