Description
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.
Reserved 2023-11-08 | Published 2024-09-25 | Updated 2024-09-25 | Assigner
ciscoHIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Problem types
NULL Pointer Dereference
Product status
3.9.1S
affected
3.9.2S
affected
3.9.0aS
affected
3.10.0S
affected
3.10.1S
affected
3.10.2S
affected
3.10.3S
affected
3.10.4S
affected
3.10.5S
affected
3.10.6S
affected
3.10.2tS
affected
3.10.7S
affected
3.10.8S
affected
3.10.8aS
affected
3.10.9S
affected
3.10.10S
affected
3.11.1S
affected
3.11.2S
affected
3.11.0S
affected
3.11.3S
affected
3.11.4S
affected
3.12.0S
affected
3.12.1S
affected
3.12.2S
affected
3.12.3S
affected
3.12.4S
affected
3.13.0S
affected
3.13.1S
affected
3.13.2S
affected
3.13.3S
affected
3.13.4S
affected
3.13.5S
affected
3.13.6S
affected
3.13.7S
affected
3.13.6aS
affected
3.13.8S
affected
3.13.9S
affected
3.13.10S
affected
3.14.0S
affected
3.14.1S
affected
3.14.2S
affected
3.14.3S
affected
3.14.4S
affected
3.15.0S
affected
3.15.1S
affected
3.15.2S
affected
3.15.1cS
affected
3.15.3S
affected
3.15.4S
affected
3.16.0S
affected
3.16.1aS
affected
3.16.2S
affected
3.16.0cS
affected
3.16.3S
affected
3.16.4aS
affected
3.16.4bS
affected
3.16.5S
affected
3.16.4dS
affected
3.16.6S
affected
3.16.7S
affected
3.16.6bS
affected
3.16.7aS
affected
3.16.7bS
affected
3.16.8S
affected
3.16.9S
affected
3.16.10S
affected
3.17.0S
affected
3.17.1S
affected
3.17.2S
affected
3.17.3S
affected
3.17.4S
affected
16.2.1
affected
16.2.2
affected
16.3.1
affected
16.3.2
affected
16.3.3
affected
16.3.1a
affected
16.3.4
affected
16.3.5
affected
16.3.6
affected
16.3.7
affected
16.3.8
affected
16.3.9
affected
16.3.10
affected
16.3.11
affected
16.4.1
affected
16.4.2
affected
16.4.3
affected
16.5.1
affected
16.5.1b
affected
16.5.2
affected
16.5.3
affected
3.18.2aSP
affected
16.6.1
affected
16.6.2
affected
16.6.3
affected
16.6.4
affected
16.6.5
affected
16.6.6
affected
16.6.7
affected
16.6.8
affected
16.6.9
affected
16.6.10
affected
16.7.1
affected
16.7.2
affected
16.7.3
affected
16.8.1
affected
16.8.1s
affected
16.8.2
affected
16.8.3
affected
16.9.1
affected
16.9.2
affected
16.9.1s
affected
16.9.3
affected
16.9.4
affected
16.9.5
affected
16.9.6
affected
16.9.7
affected
16.9.8
affected
16.10.1
affected
16.10.1a
affected
16.10.1b
affected
16.10.1s
affected
16.10.1e
affected
16.10.2
affected
16.10.3
affected
16.11.1
affected
16.11.1a
affected
16.11.1b
affected
16.11.2
affected
16.11.1s
affected
16.12.1
affected
16.12.1s
affected
16.12.1a
affected
16.12.1c
affected
16.12.2
affected
16.12.3
affected
16.12.8
affected
16.12.2s
affected
16.12.4
affected
16.12.3s
affected
16.12.4a
affected
16.12.5
affected
16.12.6
affected
16.12.7
affected
17.1.1
affected
17.1.1s
affected
17.1.1t
affected
17.1.3
affected
17.2.1
affected
17.2.1r
affected
17.2.1v
affected
17.2.2
affected
17.2.3
affected
17.3.1
affected
17.3.2
affected
17.3.3
affected
17.3.1a
affected
17.3.4
affected
17.3.5
affected
17.3.4a
affected
17.3.6
affected
17.3.7
affected
17.3.8
affected
17.3.8a
affected
17.4.1
affected
17.4.2
affected
17.4.1a
affected
17.4.1b
affected
17.5.1
affected
17.5.1a
affected
17.6.1
affected
17.6.2
affected
17.6.1a
affected
17.6.3
affected
17.6.3a
affected
17.6.4
affected
17.6.5
affected
17.6.6
affected
17.6.6a
affected
17.6.5a
affected
17.7.1
affected
17.7.1a
affected
17.7.2
affected
17.10.1
affected
17.10.1a
affected
17.10.1b
affected
17.8.1
affected
17.8.1a
affected
17.9.1
affected
17.9.2
affected
17.9.1a
affected
17.9.3
affected
17.9.2a
affected
17.9.3a
affected
17.9.4
affected
17.9.4a
affected
17.11.1
affected
17.11.1a
affected
17.12.1
affected
17.12.1a
affected
References
sec.cloudapps.cisco.com/...ory/cisco-sa-httpsrvr-dos-yOZThut (cisco-sa-httpsrvr-dos-yOZThut)
cve.org (CVE-2024-20436)
nvd.nist.gov (CVE-2024-20436)
Download JSON
Subscribe to our newsletter to learn more about our work.