CVE-2024-20313

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
ciscoCNA
7.4 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
ciscoios_xe
17.5.1
ciscoios_xe
17.5.1a:a
ciscoios_xe
17.6.1
ciscoios_xe
17.6.1a:a
ciscoios_xe
17.6.1w:w
ciscoios_xe
17.6.1x:x
ciscoios_xe
17.6.1y:y
ciscoios_xe
17.6.1z:z
ciscoios_xe
17.6.1z1:z1
ciscoios_xe
17.6.2
ciscoios_xe
17.6.3
ciscoios_xe
17.6.3a:a
ciscoios_xe
17.6.4
ciscoios_xe
17.6.5
ciscoios_xe
17.6.5a:a
ciscoios_xe
17.7.1
ciscoios_xe
17.7.1a:a
ciscoios_xe
17.7.1b:b
ciscoios_xe
17.7.2
ciscoios_xe
17.8.1
ciscoios_xe
17.8.1a:a
ciscoios_xe
17.9.1
ciscoios_xe
17.9.1a:a
ciscoios_xe
17.9.1w:w
ciscoios_xe
17.9.1x:x
ciscoios_xe
17.9.1x1:x1
ciscoios_xe
17.9.1y:y
ciscoios_xe
17.9.1y1:y1
ciscoios_xe
17.9.2
ciscoios_xe
17.9.2a:a
ciscoios_xe
17.9.3
ciscoios_xe
17.9.3a:a
ciscoios_xe
17.10.1
ciscoios_xe
17.10.1a:a
ciscoios_xe
17.10.1b:b
ciscoios_xe
17.11.1
ciscoios_xe
17.11.1a:a
ciscoios_xe
17.11.99sw:sw
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp