Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-20480

Oct. 3, 2024, 8:07 p.m.

CVSS Score

8.6 / 10

Products Impacted

Vendor Product Versions
cisco
  • ios_xe
  • 16.1.1, 16.1.2, 16.1.3, 16.2.1, 16.2.2, 16.3.1, 16.3.1a, 16.3.2, 16.3.3, 16.3.4, 16.3.5, 16.3.5b, 16.3.6, 16.3.7, 16.3.8, 16.3.9, 16.3.10, 16.3.11, 16.4.1, 16.4.2, 16.4.3, 16.5.1, 16.5.1a, 16.5.1b, 16.5.2, 16.5.3, 16.6.1, 16.6.2, 16.6.3, 16.6.4, 16.6.4a, 16.6.5, 16.6.5a, 16.6.6, 16.6.7, 16.6.8, 16.6.9, 16.6.10, 16.7.1, 16.7.1a, 16.7.1b, 16.7.2, 16.7.3, 16.7.4, 16.8.1, 16.8.1a, 16.8.1b, 16.8.1c, 16.8.1d, 16.8.1e, 16.8.1s, 16.8.2, 16.8.3, 16.9.1, 16.9.1a, 16.9.1b, 16.9.1s, 16.9.2, 16.9.3, 16.9.3a, 16.9.4, 16.9.5, 16.9.5f, 16.9.6, 16.9.7, 16.9.8, 16.10.1, 16.10.1a, 16.10.1b, 16.10.1c, 16.10.1d, 16.10.1e, 16.10.1f, 16.10.1g, 16.10.1s, 16.10.2, 16.10.3, 16.11.1, 16.11.1a, 16.11.1b, 16.11.1s, 16.11.2, 16.12.1, 16.12.1a, 16.12.1c, 16.12.1s, 16.12.1t, 16.12.1w, 16.12.1x, 16.12.1y, 16.12.1z1, 16.12.1z2, 16.12.2, 16.12.2a, 16.12.2s, 16.12.3, 16.12.3a, 16.12.3s, 16.12.4, 16.12.4a, 16.12.5, 16.12.5a, 16.12.5b, 16.12.6, 16.12.6a, 16.12.7, 16.12.8, 16.12.9, 16.12.10, 16.12.10a, 16.12.11, 17.1.1, 17.1.1a, 17.1.1s, 17.1.1t, 17.1.3, 17.2.1, 17.2.1a, 17.2.1r, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.1a, 17.3.1w, 17.3.1x, 17.3.1z, 17.3.2, 17.3.2a, 17.3.3, 17.3.4, 17.3.4a, 17.3.4b, 17.3.4c, 17.3.5, 17.3.5a, 17.3.5b, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.4.1, 17.4.1a, 17.4.1b, 17.4.2, 17.4.2a, 17.5.1, 17.5.1a, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.1z1, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.11.99sw, 17.12.1, 17.12.1a, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.2, 17.12.2a, 17.12.3, 17.12.3a, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a

Description

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utilization on an affected device, resulting in a denial of service (DoS) condition that requires a manual reload to recover. This vulnerability is due to improper handling of IPv4 DHCP packets. An attacker could exploit this vulnerability by sending certain IPv4 DHCP packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition that requires a manual reload to recover.

Weaknesses

CWE-670
Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

CWE ID: 670
CWE-783
Operator Precedence Logic Error

The product uses an expression in which operator precedence causes incorrect logic to be used.

CWE ID: 783

Date

Published: Sept. 25, 2024, 5:15 p.m.

Last Modified: Oct. 3, 2024, 8:07 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

ykramarz@cisco.com

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o cisco ios_xe 16.1.1 / / / / / / /
o cisco ios_xe 16.1.2 / / / / / / /
o cisco ios_xe 16.1.3 / / / / / / /
o cisco ios_xe 16.2.1 / / / / / / /
o cisco ios_xe 16.2.2 / / / / / / /
o cisco ios_xe 16.3.1 / / / / / / /
o cisco ios_xe 16.3.1a / / / / / / /
o cisco ios_xe 16.3.2 / / / / / / /
o cisco ios_xe 16.3.3 / / / / / / /
o cisco ios_xe 16.3.4 / / / / / / /
o cisco ios_xe 16.3.5 / / / / / / /
o cisco ios_xe 16.3.5b / / / / / / /
o cisco ios_xe 16.3.6 / / / / / / /
o cisco ios_xe 16.3.7 / / / / / / /
o cisco ios_xe 16.3.8 / / / / / / /
o cisco ios_xe 16.3.9 / / / / / / /
o cisco ios_xe 16.3.10 / / / / / / /
o cisco ios_xe 16.3.11 / / / / / / /
o cisco ios_xe 16.4.1 / / / / / / /
o cisco ios_xe 16.4.2 / / / / / / /
o cisco ios_xe 16.4.3 / / / / / / /
o cisco ios_xe 16.5.1 / / / / / / /
o cisco ios_xe 16.5.1a / / / / / / /
o cisco ios_xe 16.5.1b / / / / / / /
o cisco ios_xe 16.5.2 / / / / / / /
o cisco ios_xe 16.5.3 / / / / / / /
o cisco ios_xe 16.6.1 / / / / / / /
o cisco ios_xe 16.6.2 / / / / / / /
o cisco ios_xe 16.6.3 / / / / / / /
o cisco ios_xe 16.6.4 / / / / / / /
o cisco ios_xe 16.6.4a / / / / / / /
o cisco ios_xe 16.6.5 / / / / / / /
o cisco ios_xe 16.6.5a / / / / / / /
o cisco ios_xe 16.6.6 / / / / / / /
o cisco ios_xe 16.6.7 / / / / / / /
o cisco ios_xe 16.6.8 / / / / / / /
o cisco ios_xe 16.6.9 / / / / / / /
o cisco ios_xe 16.6.10 / / / / / / /
o cisco ios_xe 16.7.1 / / / / / / /
o cisco ios_xe 16.7.1a / / / / / / /
o cisco ios_xe 16.7.1b / / / / / / /
o cisco ios_xe 16.7.2 / / / / / / /
o cisco ios_xe 16.7.3 / / / / / / /
o cisco ios_xe 16.7.4 / / / / / / /
o cisco ios_xe 16.8.1 / / / / / / /
o cisco ios_xe 16.8.1a / / / / / / /
o cisco ios_xe 16.8.1b / / / / / / /
o cisco ios_xe 16.8.1c / / / / / / /
o cisco ios_xe 16.8.1d / / / / / / /
o cisco ios_xe 16.8.1e / / / / / / /
o cisco ios_xe 16.8.1s / / / / / / /
o cisco ios_xe 16.8.2 / / / / / / /
o cisco ios_xe 16.8.3 / / / / / / /
o cisco ios_xe 16.9.1 / / / / / / /
o cisco ios_xe 16.9.1a / / / / / / /
o cisco ios_xe 16.9.1b / / / / / / /
o cisco ios_xe 16.9.1s / / / / / / /
o cisco ios_xe 16.9.2 / / / / / / /
o cisco ios_xe 16.9.3 / / / / / / /
o cisco ios_xe 16.9.3a / / / / / / /
o cisco ios_xe 16.9.4 / / / / / / /
o cisco ios_xe 16.9.5 / / / / / / /
o cisco ios_xe 16.9.5f / / / / / / /
o cisco ios_xe 16.9.6 / / / / / / /
o cisco ios_xe 16.9.7 / / / / / / /
o cisco ios_xe 16.9.8 / / / / / / /
o cisco ios_xe 16.10.1 / / / / / / /
o cisco ios_xe 16.10.1a / / / / / / /
o cisco ios_xe 16.10.1b / / / / / / /
o cisco ios_xe 16.10.1c / / / / / / /
o cisco ios_xe 16.10.1d / / / / / / /
o cisco ios_xe 16.10.1e / / / / / / /
o cisco ios_xe 16.10.1f / / / / / / /
o cisco ios_xe 16.10.1g / / / / / / /
o cisco ios_xe 16.10.1s / / / / / / /
o cisco ios_xe 16.10.2 / / / / / / /
o cisco ios_xe 16.10.3 / / / / / / /
o cisco ios_xe 16.11.1 / / / / / / /
o cisco ios_xe 16.11.1a / / / / / / /
o cisco ios_xe 16.11.1b / / / / / / /
o cisco ios_xe 16.11.1s / / / / / / /
o cisco ios_xe 16.11.2 / / / / / / /
o cisco ios_xe 16.12.1 / / / / / / /
o cisco ios_xe 16.12.1a / / / / / / /
o cisco ios_xe 16.12.1c / / / / / / /
o cisco ios_xe 16.12.1s / / / / / / /
o cisco ios_xe 16.12.1t / / / / / / /
o cisco ios_xe 16.12.1w / / / / / / /
o cisco ios_xe 16.12.1x / / / / / / /
o cisco ios_xe 16.12.1y / / / / / / /
o cisco ios_xe 16.12.1z1 / / / / / / /
o cisco ios_xe 16.12.1z2 / / / / / / /
o cisco ios_xe 16.12.2 / / / / / / /
o cisco ios_xe 16.12.2a / / / / / / /
o cisco ios_xe 16.12.2s / / / / / / /
o cisco ios_xe 16.12.3 / / / / / / /
o cisco ios_xe 16.12.3a / / / / / / /
o cisco ios_xe 16.12.3s / / / / / / /
o cisco ios_xe 16.12.4 / / / / / / /
o cisco ios_xe 16.12.4a / / / / / / /
o cisco ios_xe 16.12.5 / / / / / / /
o cisco ios_xe 16.12.5a / / / / / / /
o cisco ios_xe 16.12.5b / / / / / / /
o cisco ios_xe 16.12.6 / / / / / / /
o cisco ios_xe 16.12.6a / / / / / / /
o cisco ios_xe 16.12.7 / / / / / / /
o cisco ios_xe 16.12.8 / / / / / / /
o cisco ios_xe 16.12.9 / / / / / / /
o cisco ios_xe 16.12.10 / / / / / / /
o cisco ios_xe 16.12.10a / / / / / / /
o cisco ios_xe 16.12.11 / / / / / / /
o cisco ios_xe 17.1.1 / / / / / / /
o cisco ios_xe 17.1.1a / / / / / / /
o cisco ios_xe 17.1.1s / / / / / / /
o cisco ios_xe 17.1.1t / / / / / / /
o cisco ios_xe 17.1.3 / / / / / / /
o cisco ios_xe 17.2.1 / / / / / / /
o cisco ios_xe 17.2.1a / / / / / / /
o cisco ios_xe 17.2.1r / / / / / / /
o cisco ios_xe 17.2.1v / / / / / / /
o cisco ios_xe 17.2.2 / / / / / / /
o cisco ios_xe 17.2.3 / / / / / / /
o cisco ios_xe 17.3.1 / / / / / / /
o cisco ios_xe 17.3.1a / / / / / / /
o cisco ios_xe 17.3.1w / / / / / / /
o cisco ios_xe 17.3.1x / / / / / / /
o cisco ios_xe 17.3.1z / / / / / / /
o cisco ios_xe 17.3.2 / / / / / / /
o cisco ios_xe 17.3.2a / / / / / / /
o cisco ios_xe 17.3.3 / / / / / / /
o cisco ios_xe 17.3.4 / / / / / / /
o cisco ios_xe 17.3.4a / / / / / / /
o cisco ios_xe 17.3.4b / / / / / / /
o cisco ios_xe 17.3.4c / / / / / / /
o cisco ios_xe 17.3.5 / / / / / / /
o cisco ios_xe 17.3.5a / / / / / / /
o cisco ios_xe 17.3.5b / / / / / / /
o cisco ios_xe 17.3.6 / / / / / / /
o cisco ios_xe 17.3.7 / / / / / / /
o cisco ios_xe 17.3.8 / / / / / / /
o cisco ios_xe 17.3.8a / / / / / / /
o cisco ios_xe 17.4.1 / / / / / / /
o cisco ios_xe 17.4.1a / / / / / / /
o cisco ios_xe 17.4.1b / / / / / / /
o cisco ios_xe 17.4.2 / / / / / / /
o cisco ios_xe 17.4.2a / / / / / / /
o cisco ios_xe 17.5.1 / / / / / / /
o cisco ios_xe 17.5.1a / / / / / / /
o cisco ios_xe 17.6.1 / / / / / / /
o cisco ios_xe 17.6.1a / / / / / / /
o cisco ios_xe 17.6.1w / / / / / / /
o cisco ios_xe 17.6.1x / / / / / / /
o cisco ios_xe 17.6.1y / / / / / / /
o cisco ios_xe 17.6.1z / / / / / / /
o cisco ios_xe 17.6.1z1 / / / / / / /
o cisco ios_xe 17.6.2 / / / / / / /
o cisco ios_xe 17.6.3 / / / / / / /
o cisco ios_xe 17.6.3a / / / / / / /
o cisco ios_xe 17.6.4 / / / / / / /
o cisco ios_xe 17.6.5 / / / / / / /
o cisco ios_xe 17.6.5a / / / / / / /
o cisco ios_xe 17.6.6 / / / / / / /
o cisco ios_xe 17.6.6a / / / / / / /
o cisco ios_xe 17.6.7 / / / / / / /
o cisco ios_xe 17.7.1 / / / / / / /
o cisco ios_xe 17.7.1a / / / / / / /
o cisco ios_xe 17.7.1b / / / / / / /
o cisco ios_xe 17.7.2 / / / / / / /
o cisco ios_xe 17.8.1 / / / / / / /
o cisco ios_xe 17.8.1a / / / / / / /
o cisco ios_xe 17.9.1 / / / / / / /
o cisco ios_xe 17.9.1a / / / / / / /
o cisco ios_xe 17.9.1w / / / / / / /
o cisco ios_xe 17.9.1x / / / / / / /
o cisco ios_xe 17.9.1x1 / / / / / / /
o cisco ios_xe 17.9.1y / / / / / / /
o cisco ios_xe 17.9.1y1 / / / / / / /
o cisco ios_xe 17.9.2 / / / / / / /
o cisco ios_xe 17.9.2a / / / / / / /
o cisco ios_xe 17.9.3 / / / / / / /
o cisco ios_xe 17.9.3a / / / / / / /
o cisco ios_xe 17.9.4 / / / / / / /
o cisco ios_xe 17.9.4a / / / / / / /
o cisco ios_xe 17.9.5 / / / / / / /
o cisco ios_xe 17.9.5a / / / / / / /
o cisco ios_xe 17.9.5b / / / / / / /
o cisco ios_xe 17.10.1 / / / / / / /
o cisco ios_xe 17.10.1a / / / / / / /
o cisco ios_xe 17.10.1b / / / / / / /
o cisco ios_xe 17.11.1 / / / / / / /
o cisco ios_xe 17.11.1a / / / / / / /
o cisco ios_xe 17.11.99sw / / / / / / /
o cisco ios_xe 17.12.1 / / / / / / /
o cisco ios_xe 17.12.1a / / / / / / /
o cisco ios_xe 17.12.1w / / / / / / /
o cisco ios_xe 17.12.1x / / / / / / /
o cisco ios_xe 17.12.1y / / / / / / /
o cisco ios_xe 17.12.2 / / / / / / /
o cisco ios_xe 17.12.2a / / / / / / /
o cisco ios_xe 17.12.3 / / / / / / /
o cisco ios_xe 17.12.3a / / / / / / /
o cisco ios_xe 17.13.1 / / / / / / /
o cisco ios_xe 17.13.1a / / / / / / /
o cisco ios_xe 17.14.1 / / / / / / /
o cisco ios_xe 17.14.1a / / / / / / /

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
8.6
Exploitability Score
3.9
Impact Score
4.0
Base Severity
HIGH
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

References