CVE-2024-20313 | THREATINT

Assigner	cisco
Reserved	2023-11-08
Published	2024-04-24
Updated	2024-08-09

Description

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

HIGH: 7.4

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

17.5.1

affected

17.5.1a

affected

17.6.1

affected

17.6.2

affected

17.6.1w

affected

17.6.1a

affected

17.6.1x

affected

17.6.3

affected

17.6.1y

affected

17.6.1z

affected

17.6.3a

affected

17.6.4

affected

17.6.1z1

affected

17.6.5

affected

17.6.5a

affected

17.7.1

affected

17.7.1a

affected

17.7.1b

affected

17.7.2

affected

17.10.1

affected

17.10.1a

affected

17.10.1b

affected

17.8.1

affected

17.8.1a

affected

17.9.1

affected

17.9.1w

affected

17.9.2

affected

17.9.1a

affected

17.9.1x

affected

17.9.1y

affected

17.9.3

affected

17.9.2a

affected

17.9.1x1

affected

17.9.3a

affected

17.9.1y1

affected

17.11.1

affected

17.11.1a

affected

17.11.99SW

affected

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp (cisco-sa-iosxe-ospf-dos-dR9Sfrxp)

cve.org CVE-2024-20313

nvd.nist.gov CVE-2024-20313

Download JSON