CVE-2024-20436

HIGH EPSS 54.1%
Published Sep 25, 2024 1y ago · Modified Jun 17, 2026 2w ago
7.5 CVSS 3.1
High

Description

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.

CVSS Details

Base Score 7.5
Exploitability 3.9
Impact 3.6
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
54.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 201

Vendor | Product | Version | Range
cisco | ios_xe | 3.9.0as | any
cisco | ios_xe | 3.9.1s | any
cisco | ios_xe | 3.9.2s | any
cisco | ios_xe | 3.10.0s | any
cisco | ios_xe | 3.10.1s | any
cisco | ios_xe | 3.10.2s | any
cisco | ios_xe | 3.10.2ts | any
cisco | ios_xe | 3.10.3s | any
cisco | ios_xe | 3.10.4s | any
cisco | ios_xe | 3.10.5s | any
cisco | ios_xe | 3.10.6s | any
cisco | ios_xe | 3.10.7s | any
cisco | ios_xe | 3.10.8as | any
cisco | ios_xe | 3.10.8s | any
cisco | ios_xe | 3.10.9s | any
cisco | ios_xe | 3.10.10s | any
cisco | ios_xe | 3.11.0s | any
cisco | ios_xe | 3.11.1s | any
cisco | ios_xe | 3.11.2s | any
cisco | ios_xe | 3.11.3s | any
cisco | ios_xe | 3.11.4s | any
cisco | ios_xe | 3.12.0s | any
cisco | ios_xe | 3.12.1s | any
cisco | ios_xe | 3.12.2s | any
cisco | ios_xe | 3.12.3s | any
cisco | ios_xe | 3.12.4s | any
cisco | ios_xe | 3.13.0s | any
cisco | ios_xe | 3.13.1s | any
cisco | ios_xe | 3.13.2s | any
cisco | ios_xe | 3.13.3s | any
cisco | ios_xe | 3.13.4s | any
cisco | ios_xe | 3.13.5s | any
cisco | ios_xe | 3.13.6as | any
cisco | ios_xe | 3.13.6s | any
cisco | ios_xe | 3.13.7s | any
cisco | ios_xe | 3.13.8s | any
cisco | ios_xe | 3.13.9s | any
cisco | ios_xe | 3.13.10s | any
cisco | ios_xe | 3.14.0s | any
cisco | ios_xe | 3.14.1s | any
cisco | ios_xe | 3.14.2s | any
cisco | ios_xe | 3.14.3s | any
cisco | ios_xe | 3.14.4s | any
cisco | ios_xe | 3.15.0s | any
cisco | ios_xe | 3.15.1cs | any
cisco | ios_xe | 3.15.1s | any
cisco | ios_xe | 3.15.2s | any
cisco | ios_xe | 3.15.3s | any
cisco | ios_xe | 3.15.4s | any
cisco | ios_xe | 3.16.0cs | any
cisco | ios_xe | 3.16.0s | any
cisco | ios_xe | 3.16.1as | any
cisco | ios_xe | 3.16.2s | any
cisco | ios_xe | 3.16.3s | any
cisco | ios_xe | 3.16.4as | any
cisco | ios_xe | 3.16.4bs | any
cisco | ios_xe | 3.16.4ds | any
cisco | ios_xe | 3.16.5s | any
cisco | ios_xe | 3.16.6bs | any
cisco | ios_xe | 3.16.6s | any
cisco | ios_xe | 3.16.7as | any
cisco | ios_xe | 3.16.7bs | any
cisco | ios_xe | 3.16.7s | any
cisco | ios_xe | 3.16.8s | any
cisco | ios_xe | 3.16.9s | any
cisco | ios_xe | 3.16.10s | any
cisco | ios_xe | 3.17.0s | any
cisco | ios_xe | 3.17.1s | any
cisco | ios_xe | 3.17.2s | any
cisco | ios_xe | 3.17.3s | any
cisco | ios_xe | 3.17.4s | any
cisco | ios_xe | 3.18.2asp | any
cisco | ios_xe | 16.2.1 | any
cisco | ios_xe | 16.2.2 | any
cisco | ios_xe | 16.3.1 | any
cisco | ios_xe | 16.3.1a | any
cisco | ios_xe | 16.3.2 | any
cisco | ios_xe | 16.3.3 | any
cisco | ios_xe | 16.3.4 | any
cisco | ios_xe | 16.3.5 | any
cisco | ios_xe | 16.3.6 | any
cisco | ios_xe | 16.3.7 | any
cisco | ios_xe | 16.3.8 | any
cisco | ios_xe | 16.3.9 | any
cisco | ios_xe | 16.3.10 | any
cisco | ios_xe | 16.3.11 | any
cisco | ios_xe | 16.4.1 | any
cisco | ios_xe | 16.4.2 | any
cisco | ios_xe | 16.4.3 | any
cisco | ios_xe | 16.5.1 | any
cisco | ios_xe | 16.5.1b | any
cisco | ios_xe | 16.5.2 | any
cisco | ios_xe | 16.5.3 | any
cisco | ios_xe | 16.6.1 | any
cisco | ios_xe | 16.6.2 | any
cisco | ios_xe | 16.6.3 | any
cisco | ios_xe | 16.6.4 | any
cisco | ios_xe | 16.6.5 | any
cisco | ios_xe | 16.6.6 | any
cisco | ios_xe | 16.6.7 | any
cisco | ios_xe | 16.6.8 | any
cisco | ios_xe | 16.6.9 | any
cisco | ios_xe | 16.6.10 | any
cisco | ios_xe | 16.7.1 | any
cisco | ios_xe | 16.7.2 | any
cisco | ios_xe | 16.7.3 | any
cisco | ios_xe | 16.8.1 | any
cisco | ios_xe | 16.8.1s | any
cisco | ios_xe | 16.8.2 | any
cisco | ios_xe | 16.8.3 | any
cisco | ios_xe | 16.9.1 | any
cisco | ios_xe | 16.9.1s | any
cisco | ios_xe | 16.9.2 | any
cisco | ios_xe | 16.9.3 | any
cisco | ios_xe | 16.9.4 | any
cisco | ios_xe | 16.9.5 | any
cisco | ios_xe | 16.9.6 | any
cisco | ios_xe | 16.9.7 | any
cisco | ios_xe | 16.9.8 | any
cisco | ios_xe | 16.10.1 | any
cisco | ios_xe | 16.10.1a | any
cisco | ios_xe | 16.10.1b | any
cisco | ios_xe | 16.10.1e | any
cisco | ios_xe | 16.10.1s | any
cisco | ios_xe | 16.10.2 | any
cisco | ios_xe | 16.10.3 | any
cisco | ios_xe | 16.11.1 | any
cisco | ios_xe | 16.11.1a | any
cisco | ios_xe | 16.11.1b | any
cisco | ios_xe | 16.11.1s | any
cisco | ios_xe | 16.11.2 | any
cisco | ios_xe | 16.12.1 | any
cisco | ios_xe | 16.12.1a | any
cisco | ios_xe | 16.12.1c | any
cisco | ios_xe | 16.12.1s | any
cisco | ios_xe | 16.12.2 | any
cisco | ios_xe | 16.12.2s | any
cisco | ios_xe | 16.12.3 | any
cisco | ios_xe | 16.12.3s | any
cisco | ios_xe | 16.12.4 | any
cisco | ios_xe | 16.12.4a | any
cisco | ios_xe | 16.12.5 | any
cisco | ios_xe | 16.12.6 | any
cisco | ios_xe | 16.12.7 | any
cisco | ios_xe | 16.12.8 | any
cisco | ios_xe | 17.1.1 | any
cisco | ios_xe | 17.1.1s | any
cisco | ios_xe | 17.1.1t | any
cisco | ios_xe | 17.1.3 | any
cisco | ios_xe | 17.2.1 | any
cisco | ios_xe | 17.2.1r | any
cisco | ios_xe | 17.2.1v | any
cisco | ios_xe | 17.2.2 | any
cisco | ios_xe | 17.2.3 | any
cisco | ios_xe | 17.3.1 | any
cisco | ios_xe | 17.3.1a | any
cisco | ios_xe | 17.3.2 | any
cisco | ios_xe | 17.3.3 | any
cisco | ios_xe | 17.3.4 | any
cisco | ios_xe | 17.3.4a | any
cisco | ios_xe | 17.3.5 | any
cisco | ios_xe | 17.3.6 | any
cisco | ios_xe | 17.3.7 | any
cisco | ios_xe | 17.3.8 | any
cisco | ios_xe | 17.3.8a | any
cisco | ios_xe | 17.4.1 | any
cisco | ios_xe | 17.4.1a | any
cisco | ios_xe | 17.4.1b | any
cisco | ios_xe | 17.4.2 | any
cisco | ios_xe | 17.5.1 | any
cisco | ios_xe | 17.5.1a | any
cisco | ios_xe | 17.6.1 | any
cisco | ios_xe | 17.6.1a | any
cisco | ios_xe | 17.6.2 | any
cisco | ios_xe | 17.6.3 | any
cisco | ios_xe | 17.6.3a | any
cisco | ios_xe | 17.6.4 | any
cisco | ios_xe | 17.6.5 | any
cisco | ios_xe | 17.6.5a | any
cisco | ios_xe | 17.6.6 | any
cisco | ios_xe | 17.6.6a | any
cisco | ios_xe | 17.7.1 | any
cisco | ios_xe | 17.7.1a | any
cisco | ios_xe | 17.7.2 | any
cisco | ios_xe | 17.8.1 | any
cisco | ios_xe | 17.8.1a | any
cisco | ios_xe | 17.9.1 | any
cisco | ios_xe | 17.9.1a | any
cisco | ios_xe | 17.9.2 | any
cisco | ios_xe | 17.9.2a | any
cisco | ios_xe | 17.9.3 | any
cisco | ios_xe | 17.9.3a | any
cisco | ios_xe | 17.9.4 | any
cisco | ios_xe | 17.9.4a | any
cisco | ios_xe | 17.10.1 | any
cisco | ios_xe | 17.10.1a | any
cisco | ios_xe | 17.10.1b | any
cisco | ios_xe | 17.11.1 | any
cisco | ios_xe | 17.11.1a | any
cisco | ios_xe | 17.12.1 | any
cisco | ios_xe | 17.12.1a | any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.