CVE-2024-20496

Sept. 26, 2024, 1:32 p.m.

Tags

ykramarz@cisco.com
CWE-787
2024-09-25
CVE-2024-20496

CVSS Score

6.1 / 10

Product(s) Impacted

Cisco SD-WAN vEdge Software

Description

A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system.

Weaknesses

CWE-787
Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CWE ID: 787

Date

Published: Sept. 25, 2024, 5:15 p.m.

Last Modified: Sept. 26, 2024, 1:32 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

ykramarz@cisco.com

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
6.1
Exploitability Score
1.6
Impact Score
4.0
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-vedos-KqFfhps3
ykramarz@cisco.com