CVE-2024-20313

Description

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Reserved 2023-11-08 | Published 2024-04-24 | Updated 2024-08-09 | Assigner cisco

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

17.5.1
affected

17.5.1a
affected

17.6.1
affected

17.6.2
affected

17.6.1w
affected

17.6.1a
affected

17.6.1x
affected

17.6.3
affected

17.6.1y
affected

17.6.1z
affected

17.6.3a
affected

17.6.4
affected

17.6.1z1
affected

17.6.5
affected

17.6.5a
affected

17.7.1
affected

17.7.1a
affected

17.7.1b
affected

17.7.2
affected

17.10.1
affected

17.10.1a
affected

17.10.1b
affected

17.8.1
affected

17.8.1a
affected

17.9.1
affected

17.9.1w
affected

17.9.2
affected

17.9.1a
affected

17.9.1x
affected

17.9.1y
affected

17.9.3
affected

17.9.2a
affected

17.9.1x1
affected

17.9.3a
affected

17.9.1y1
affected

17.11.1
affected

17.11.1a
affected

17.11.99SW
affected

References

sec.cloudapps.cisco.com/.../cisco-sa-iosxe-ospf-dos-dR9Sfrxp (cisco-sa-iosxe-ospf-dos-dR9Sfrxp)

cve.org (CVE-2024-20313)

nvd.nist.gov (CVE-2024-20313)

Download JSON