CVE-2024-20455

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 371

Summary

CVE-2024-20455 is a high-severity vulnerability affecting the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode. This flaw allows unauthenticated, remote attackers to trigger a denial of service (DoS) condition by sending specially crafted traffic through an SD-WAN IPsec tunnel, causing the affected device to reload. Notably, SD-WAN tunnels configured with Generic Routing Encapsulation (GRE) are not impacted. To remediate this vulnerability, organizations should apply the latest security updates provided by Cisco. Given its potential for significant availability impact, it poses a serious threat to network stability and operational continuity for affected organizations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share