CVE-2024-20436
HIGH EPSS 54.1%
Published Sep 25, 20241y ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
Published Sep 25, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
54.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 201
| Vendor | Product | Version | Range |
|---|---|---|---|
| cisco | ios_xe | 3.9.0as | any |
| cisco | ios_xe | 3.9.1s | any |
| cisco | ios_xe | 3.9.2s | any |
| cisco | ios_xe | 3.10.0s | any |
| cisco | ios_xe | 3.10.1s | any |
| cisco | ios_xe | 3.10.2s | any |
| cisco | ios_xe | 3.10.2ts | any |
| cisco | ios_xe | 3.10.3s | any |
| cisco | ios_xe | 3.10.4s | any |
| cisco | ios_xe | 3.10.5s | any |
| cisco | ios_xe | 3.10.6s | any |
| cisco | ios_xe | 3.10.7s | any |
| cisco | ios_xe | 3.10.8as | any |
| cisco | ios_xe | 3.10.8s | any |
| cisco | ios_xe | 3.10.9s | any |
| cisco | ios_xe | 3.10.10s | any |
| cisco | ios_xe | 3.11.0s | any |
| cisco | ios_xe | 3.11.1s | any |
| cisco | ios_xe | 3.11.2s | any |
| cisco | ios_xe | 3.11.3s | any |
| cisco | ios_xe | 3.11.4s | any |
| cisco | ios_xe | 3.12.0s | any |
| cisco | ios_xe | 3.12.1s | any |
| cisco | ios_xe | 3.12.2s | any |
| cisco | ios_xe | 3.12.3s | any |
| cisco | ios_xe | 3.12.4s | any |
| cisco | ios_xe | 3.13.0s | any |
| cisco | ios_xe | 3.13.1s | any |
| cisco | ios_xe | 3.13.2s | any |
| cisco | ios_xe | 3.13.3s | any |
| cisco | ios_xe | 3.13.4s | any |
| cisco | ios_xe | 3.13.5s | any |
| cisco | ios_xe | 3.13.6as | any |
| cisco | ios_xe | 3.13.6s | any |
| cisco | ios_xe | 3.13.7s | any |
| cisco | ios_xe | 3.13.8s | any |
| cisco | ios_xe | 3.13.9s | any |
| cisco | ios_xe | 3.13.10s | any |
| cisco | ios_xe | 3.14.0s | any |
| cisco | ios_xe | 3.14.1s | any |
| cisco | ios_xe | 3.14.2s | any |
| cisco | ios_xe | 3.14.3s | any |
| cisco | ios_xe | 3.14.4s | any |
| cisco | ios_xe | 3.15.0s | any |
| cisco | ios_xe | 3.15.1cs | any |
| cisco | ios_xe | 3.15.1s | any |
| cisco | ios_xe | 3.15.2s | any |
| cisco | ios_xe | 3.15.3s | any |
| cisco | ios_xe | 3.15.4s | any |
| cisco | ios_xe | 3.16.0cs | any |
| cisco | ios_xe | 3.16.0s | any |
| cisco | ios_xe | 3.16.1as | any |
| cisco | ios_xe | 3.16.2s | any |
| cisco | ios_xe | 3.16.3s | any |
| cisco | ios_xe | 3.16.4as | any |
| cisco | ios_xe | 3.16.4bs | any |
| cisco | ios_xe | 3.16.4ds | any |
| cisco | ios_xe | 3.16.5s | any |
| cisco | ios_xe | 3.16.6bs | any |
| cisco | ios_xe | 3.16.6s | any |
| cisco | ios_xe | 3.16.7as | any |
| cisco | ios_xe | 3.16.7bs | any |
| cisco | ios_xe | 3.16.7s | any |
| cisco | ios_xe | 3.16.8s | any |
| cisco | ios_xe | 3.16.9s | any |
| cisco | ios_xe | 3.16.10s | any |
| cisco | ios_xe | 3.17.0s | any |
| cisco | ios_xe | 3.17.1s | any |
| cisco | ios_xe | 3.17.2s | any |
| cisco | ios_xe | 3.17.3s | any |
| cisco | ios_xe | 3.17.4s | any |
| cisco | ios_xe | 3.18.2asp | any |
| cisco | ios_xe | 16.2.1 | any |
| cisco | ios_xe | 16.2.2 | any |
| cisco | ios_xe | 16.3.1 | any |
| cisco | ios_xe | 16.3.1a | any |
| cisco | ios_xe | 16.3.2 | any |
| cisco | ios_xe | 16.3.3 | any |
| cisco | ios_xe | 16.3.4 | any |
| cisco | ios_xe | 16.3.5 | any |
| cisco | ios_xe | 16.3.6 | any |
| cisco | ios_xe | 16.3.7 | any |
| cisco | ios_xe | 16.3.8 | any |
| cisco | ios_xe | 16.3.9 | any |
| cisco | ios_xe | 16.3.10 | any |
| cisco | ios_xe | 16.3.11 | any |
| cisco | ios_xe | 16.4.1 | any |
| cisco | ios_xe | 16.4.2 | any |
| cisco | ios_xe | 16.4.3 | any |
| cisco | ios_xe | 16.5.1 | any |
| cisco | ios_xe | 16.5.1b | any |
| cisco | ios_xe | 16.5.2 | any |
| cisco | ios_xe | 16.5.3 | any |
| cisco | ios_xe | 16.6.1 | any |
| cisco | ios_xe | 16.6.2 | any |
| cisco | ios_xe | 16.6.3 | any |
| cisco | ios_xe | 16.6.4 | any |
| cisco | ios_xe | 16.6.5 | any |
| cisco | ios_xe | 16.6.6 | any |
| cisco | ios_xe | 16.6.7 | any |
| cisco | ios_xe | 16.6.8 | any |
| cisco | ios_xe | 16.6.9 | any |
| cisco | ios_xe | 16.6.10 | any |
| cisco | ios_xe | 16.7.1 | any |
| cisco | ios_xe | 16.7.2 | any |
| cisco | ios_xe | 16.7.3 | any |
| cisco | ios_xe | 16.8.1 | any |
| cisco | ios_xe | 16.8.1s | any |
| cisco | ios_xe | 16.8.2 | any |
| cisco | ios_xe | 16.8.3 | any |
| cisco | ios_xe | 16.9.1 | any |
| cisco | ios_xe | 16.9.1s | any |
| cisco | ios_xe | 16.9.2 | any |
| cisco | ios_xe | 16.9.3 | any |
| cisco | ios_xe | 16.9.4 | any |
| cisco | ios_xe | 16.9.5 | any |
| cisco | ios_xe | 16.9.6 | any |
| cisco | ios_xe | 16.9.7 | any |
| cisco | ios_xe | 16.9.8 | any |
| cisco | ios_xe | 16.10.1 | any |
| cisco | ios_xe | 16.10.1a | any |
| cisco | ios_xe | 16.10.1b | any |
| cisco | ios_xe | 16.10.1e | any |
| cisco | ios_xe | 16.10.1s | any |
| cisco | ios_xe | 16.10.2 | any |
| cisco | ios_xe | 16.10.3 | any |
| cisco | ios_xe | 16.11.1 | any |
| cisco | ios_xe | 16.11.1a | any |
| cisco | ios_xe | 16.11.1b | any |
| cisco | ios_xe | 16.11.1s | any |
| cisco | ios_xe | 16.11.2 | any |
| cisco | ios_xe | 16.12.1 | any |
| cisco | ios_xe | 16.12.1a | any |
| cisco | ios_xe | 16.12.1c | any |
| cisco | ios_xe | 16.12.1s | any |
| cisco | ios_xe | 16.12.2 | any |
| cisco | ios_xe | 16.12.2s | any |
| cisco | ios_xe | 16.12.3 | any |
| cisco | ios_xe | 16.12.3s | any |
| cisco | ios_xe | 16.12.4 | any |
| cisco | ios_xe | 16.12.4a | any |
| cisco | ios_xe | 16.12.5 | any |
| cisco | ios_xe | 16.12.6 | any |
| cisco | ios_xe | 16.12.7 | any |
| cisco | ios_xe | 16.12.8 | any |
| cisco | ios_xe | 17.1.1 | any |
| cisco | ios_xe | 17.1.1s | any |
| cisco | ios_xe | 17.1.1t | any |
| cisco | ios_xe | 17.1.3 | any |
| cisco | ios_xe | 17.2.1 | any |
| cisco | ios_xe | 17.2.1r | any |
| cisco | ios_xe | 17.2.1v | any |
| cisco | ios_xe | 17.2.2 | any |
| cisco | ios_xe | 17.2.3 | any |
| cisco | ios_xe | 17.3.1 | any |
| cisco | ios_xe | 17.3.1a | any |
| cisco | ios_xe | 17.3.2 | any |
| cisco | ios_xe | 17.3.3 | any |
| cisco | ios_xe | 17.3.4 | any |
| cisco | ios_xe | 17.3.4a | any |
| cisco | ios_xe | 17.3.5 | any |
| cisco | ios_xe | 17.3.6 | any |
| cisco | ios_xe | 17.3.7 | any |
| cisco | ios_xe | 17.3.8 | any |
| cisco | ios_xe | 17.3.8a | any |
| cisco | ios_xe | 17.4.1 | any |
| cisco | ios_xe | 17.4.1a | any |
| cisco | ios_xe | 17.4.1b | any |
| cisco | ios_xe | 17.4.2 | any |
| cisco | ios_xe | 17.5.1 | any |
| cisco | ios_xe | 17.5.1a | any |
| cisco | ios_xe | 17.6.1 | any |
| cisco | ios_xe | 17.6.1a | any |
| cisco | ios_xe | 17.6.2 | any |
| cisco | ios_xe | 17.6.3 | any |
| cisco | ios_xe | 17.6.3a | any |
| cisco | ios_xe | 17.6.4 | any |
| cisco | ios_xe | 17.6.5 | any |
| cisco | ios_xe | 17.6.5a | any |
| cisco | ios_xe | 17.6.6 | any |
| cisco | ios_xe | 17.6.6a | any |
| cisco | ios_xe | 17.7.1 | any |
| cisco | ios_xe | 17.7.1a | any |
| cisco | ios_xe | 17.7.2 | any |
| cisco | ios_xe | 17.8.1 | any |
| cisco | ios_xe | 17.8.1a | any |
| cisco | ios_xe | 17.9.1 | any |
| cisco | ios_xe | 17.9.1a | any |
| cisco | ios_xe | 17.9.2 | any |
| cisco | ios_xe | 17.9.2a | any |
| cisco | ios_xe | 17.9.3 | any |
| cisco | ios_xe | 17.9.3a | any |
| cisco | ios_xe | 17.9.4 | any |
| cisco | ios_xe | 17.9.4a | any |
| cisco | ios_xe | 17.10.1 | any |
| cisco | ios_xe | 17.10.1a | any |
| cisco | ios_xe | 17.10.1b | any |
| cisco | ios_xe | 17.11.1 | any |
| cisco | ios_xe | 17.11.1a | any |
| cisco | ios_xe | 17.12.1 | any |
| cisco | ios_xe | 17.12.1a | any |
References 1
- sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.