CVE-2024-20467

HIGH EPSS 58.0%
Published Sep 25, 20241y ago · Modified Jun 17, 20261w ago
8.6 CVSS 3.1
High
Find Similar
Published Sep 25, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a.

CVSS Details

Base Score
8.6
Exploitability
3.9
Impact
4.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
58.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-399

Affected Products 3

VendorProductVersionRange
ciscoios_xe17.11.99swany
ciscoios_xe17.12.1any
ciscoios_xe17.12.1aany

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.