CVE-2024-20464

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 20

Summary

CVE-2024-20464 is a vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software that allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue arises from insufficient validation of received IPv4 PIMv2 packets: an attacker can exploit it by sending a crafted packet to a PIM-enabled interface. The affected Cisco products include various models such as y9qcn1, y8n9j6, and others. To mitigate this vulnerability, organizations are advised to update their Cisco IOS XE Software to the latest version that addresses this security flaw. Successful exploitation could cause the device to reload, resulting in significant downtime for network operations; this high availability impact is reflected in the CVSS score of 8.6.
