CVE-2024-20464 HIGH

CVE-2024-20464

Vendor Cisco

Product Cisco IOS XE Software

Weakness CWE-20 · Input validation

Published September 25, 2024

Last update September 25, 2024

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet.

Key dates

02Disclosure timeline

September 25, 2024 CVE published

September 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-20464 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2024-20464

CWE CWE-20

CVSS 8.6 / HIGH

Affected versions

Vendor Cisco

Product Cisco IOS XE Software

Affected 17.13.1

Vendor Cisco

Product Cisco IOS XE Software

Affected 17.13.1a

CVE-2024-20464

01Description

02Disclosure timeline

03References

04Related CVE