CVE-2024-20433

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published: Sep 25, 2024
Updated: Sep 26, 2024
CWE ID: 121

Summary

CVE-2024-20433 is a high-severity vulnerability affecting Cisco IOS Software and Cisco IOS XE Software, caused by a buffer overflow in the Resource Reservation Protocol (RSVP) feature. An unauthenticated remote attacker can exploit this vulnerability by sending crafted RSVP packets, potentially leading to an unexpected device reload and resulting in a denial of service (DoS) condition. The exploitability score is rated at 3.9, with an overall base score of 8.6 on the CVSS scale, indicating a high impact on availability. To remediate this vulnerability, organizations should apply the necessary patches provided by Cisco as outlined in their security advisory. Failure to address this issue could leave systems vulnerable to significant disruptions in service and operational capabilities.
