CVE-2024-20276

27.03.2024, 17:15

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.

 This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.4 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
cisco	CNA	7.4 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Vendor	Product	Version
cisco	ios	15.5\(1\)sy5
cisco	ios	15.5\(1\)sy6
cisco	ios	15.5\(1\)sy7
cisco	ios	15.5\(1\)sy8
cisco	ios	15.5\(1\)sy9
cisco	ios	15.5\(1\)sy10
cisco	ios	15.5\(1\)sy11

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-248 - Uncaught Exception
An exception is thrown from a function, but it is not caught.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dos-Hq4d3tZG