CVE-2024-20307

high-risk
Published 2024-03-27

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Do I need to act?

~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10 Medium
NETWORK / HIGH complexity

Affected Products (20)

Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios
Ios

Affected Vendors

Cisco

References (2)

Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
58
/ 100
high-risk
Severity 21/34 · High
Exploitability 4/34 · Minimal
Exposure 33/34 · Critical