CVE-2024-20467

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Sep 25, 2024
Updated: Sep 26, 2024
CWE ID 399

Summary

CVE-2024-20467 is a vulnerability in the IPv4 fragmentation reassembly code of Cisco IOS XE Software. It affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers running releases 17.12.1 or 17.12.1a. An unauthenticated remote attacker could exploit the flaw by sending specially crafted fragmented packets, potentially causing the device to reload and resulting in a denial of service (DoS) condition. The vulnerability arises from improper resource management during fragment reassembly and is classified as CWE-399 (Resource Management Errors). To mitigate the risk, organizations are advised to update affected devices to a secure version of Cisco IOS XE Software as recommended by Cisco's security advisory. With a CVSS base score of 8.6, the potential impact on availability is high, so affected organizations should address this issue promptly to maintain network stability and security.
