CVE-2024-20307

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading.

This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Published: Mar 27, 2024
Updated: Jul 31, 2025
CVE: CVE-2024-20307
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios	15.1(2)sy10	15.1(2)sy10.x
cisco / ios	15.5(3)m4a	15.5(3)m4a.x
cisco / ios	15.2(4)ea4	15.2(4)ea4.x
cisco / ios	15.2(3)e4	15.2(3)e4.x
cisco / ios	15.2(4)ec1	15.2(4)ec1.x
cisco / ios	15.4(1)sy	15.4(1)sy.x
cisco / ios	15.3(3)s10	15.3(3)s10.x
cisco / ios	15.2(3)e5	15.2(3)e5.x
cisco / ios	15.3(3)m8	15.3(3)m8.x
cisco / ios	15.2(1)sy3	15.2(1)sy3.x
cisco / ios	15.5(1)s4	15.5(1)s4.x
cisco / ios	15.5(2)s4	15.5(2)s4.x
cisco / ios	15.5(3)s4	15.5(3)s4.x
cisco / ios	15.5(3)s5	15.5(3)s5.x
cisco / ios	15.5(3)m3	15.5(3)m3.x
cisco / ios	15.3(1)sy1	15.3(1)sy1.x
cisco / ios	15.3(1)sy2	15.3(1)sy2.x
cisco / ios	15.7(3)m	15.7(3)m.x
cisco / ios	15.1(2)sg8	15.1(2)sg8.x
cisco / ios	15.2(4)m11	15.2(4)m11.x
cisco / ios	15.1(2)sy8	15.1(2)sy8.x
cisco / ios	15.1(2)sy11	15.1(2)sy11.x
cisco / ios	15.3(3)s9	15.3(3)s9.x
cisco / ios	15.3(3)s8a	15.3(3)s8a.x
cisco / ios	15.2(4)e2	15.2(4)e2.x
cisco / ios	15.2(4)e3	15.2(4)e3.x
cisco / ios	15.2(5b)e	15.2(5b)e.x
cisco / ios	15.2(4)e4	15.2(4)e4.x
cisco / ios	15.4(3)s7	15.4(3)s7.x
cisco / ios	15.4(3)s6a	15.4(3)s6a.x
cisco / ios	15.3(3)m9	15.3(3)m9.x
cisco / ios	15.3(3)m8a	15.3(3)m8a.x
cisco / ios	15.2(1)sy4	15.2(1)sy4.x
cisco / ios	15.5(2)t4	15.5(2)t4.x
cisco / ios	15.2(5)ea	15.2(5)ea.x
cisco / ios	15.5(3)m4	15.5(3)m4.x
cisco / ios	15.5(3)m5	15.5(3)m5.x
cisco / ios	15.5(3)m6	15.5(3)m6.x
cisco / ios	15.2(4)ec2	15.2(4)ec2.x
cisco / ios	15.4(1)sy1	15.4(1)sy1.x
cisco / ios	15.4(1)sy2	15.4(1)sy2.x
cisco / ios	15.5(1)sy	15.5(1)sy.x
cisco / ios	15.1(2)sy9	15.1(2)sy9.x
cisco / ios	15.1(2)sy12	15.1(2)sy12.x
cisco / ios	15.1(2)sy13	15.1(2)sy13.x
cisco / ios	15.1(2)sy15	15.1(2)sy15.x
cisco / ios	15.3(3)s8	15.3(3)s8.x
cisco / ios	15.2(5)e	15.2(5)e.x
cisco / ios	15.2(4)e5	15.2(4)e5.x
cisco / ios	15.2(4)e5a	15.2(4)e5a.x
cisco / ios	15.2(4)e6	15.2(4)e6.x
cisco / ios	15.2(4)e7	15.2(4)e7.x
cisco / ios	15.4(3)s6	15.4(3)s6.x
cisco / ios	15.4(3)s8	15.4(3)s8.x
cisco / ios	15.4(3)s9	15.4(3)s9.x
cisco / ios	15.4(3)s10	15.4(3)s10.x
cisco / ios	15.3(3)m10	15.3(3)m10.x
cisco / ios	15.2(1)sy5	15.2(1)sy5.x
cisco / ios	15.2(1)sy6	15.2(1)sy6.x
cisco / ios	15.2(1)sy7	15.2(1)sy7.x
cisco / ios	15.5(3)s3	15.5(3)s3.x
cisco / ios	15.5(3)s6	15.5(3)s6.x
cisco / ios	15.5(3)s6a	15.5(3)s6a.x
cisco / ios	15.5(3)s7	15.5(3)s7.x
cisco / ios	15.5(3)s6b	15.5(3)s6b.x
cisco / ios	15.5(3)s8	15.5(3)s8.x
cisco / ios	15.5(3)s10	15.5(3)s10.x
cisco / ios	15.2(4)ea5	15.2(4)ea5.x
cisco / ios	15.2(4)ea6	15.2(4)ea6.x
cisco / ios	15.2(4)ea7	15.2(4)ea7.x
cisco / ios	15.2(4)ea8	15.2(4)ea8.x
cisco / ios	15.2(4)ea9	15.2(4)ea9.x
cisco / ios	15.5(3)m7	15.5(3)m7.x
cisco / ios	15.5(3)m6a	15.5(3)m6a.x
cisco / ios	15.5(3)m8	15.5(3)m8.x
cisco / ios	15.4(1)sy3	15.4(1)sy3.x
cisco / ios	15.4(1)sy4	15.4(1)sy4.x
cisco / ios	15.5(1)sy1	15.5(1)sy1.x
cisco / ios	15.5(1)sy2	15.5(1)sy2.x
cisco / ios	15.5(1)sy4	15.5(1)sy4.x
cisco / ios	15.7(3)m1	15.7(3)m1.x
cisco / ios	15.7(3)m0a	15.7(3)m0a.x
cisco / ios	15.7(3)m3	15.7(3)m3.x
cisco / ios	15.7(3)m2	15.7(3)m2.x
cisco / ios	15.7(3)m4	15.7(3)m4.x
cisco / ios	15.8(3)m	15.8(3)m.x
cisco / ios	15.8(3)m0a	15.8(3)m0a.x
cisco / ios	15.8(3)m0b	15.8(3)m0b.x
cisco / ios	15.8(3)m3a	15.8(3)m3a.x
cisco / ios	15.8(3)m3b	15.8(3)m3b.x
cisco / ios	15.1(2)sy14	15.1(2)sy14.x
cisco / ios	15.1(2)sy16	15.1(2)sy16.x
cisco / ios	15.2(4)e8	15.2(4)e8.x
cisco / ios	15.2(4)e9	15.2(4)e9.x
cisco / ios	15.2(4)e10	15.2(4)e10.x
cisco / ios	15.2(4)e10a	15.2(4)e10a.x
cisco / ios	15.2(4)e10d	15.2(4)e10d.x
cisco / ios	15.2(1)sy8	15.2(1)sy8.x
cisco / ios	15.5(3)s9	15.5(3)s9.x
cisco / ios	15.5(3)s9a	15.5(3)s9a.x
cisco / ios	15.2(4)ea9a	15.2(4)ea9a.x
cisco / ios	15.5(3)m9	15.5(3)m9.x
cisco / ios	15.5(3)m10	15.5(3)m10.x
cisco / ios	15.5(1)sy3	15.5(1)sy3.x
cisco / ios	15.5(1)sy5	15.5(1)sy5.x
cisco / ios	15.5(1)sy6	15.5(1)sy6.x
cisco / ios	15.5(1)sy7	15.5(1)sy7.x
cisco / ios	15.5(1)sy8	15.5(1)sy8.x
cisco / ios	15.5(1)sy9	15.5(1)sy9.x
cisco / ios	15.5(1)sy10	15.5(1)sy10.x
cisco / ios	15.5(1)sy11	15.5(1)sy11.x
cisco / ios	15.7(3)m5	15.7(3)m5.x
cisco / ios	15.7(3)m4a	15.7(3)m4a.x
cisco / ios	15.7(3)m4b	15.7(3)m4b.x
cisco / ios	15.7(3)m6	15.7(3)m6.x
cisco / ios	15.7(3)m7	15.7(3)m7.x
cisco / ios	15.7(3)m8	15.7(3)m8.x
cisco / ios	15.7(3)m9	15.7(3)m9.x
cisco / ios	15.8(3)m1	15.8(3)m1.x
cisco / ios	15.8(3)m2	15.8(3)m2.x
cisco / ios	15.8(3)m1a	15.8(3)m1a.x
cisco / ios	15.8(3)m3	15.8(3)m3.x
cisco / ios	15.8(3)m2a	15.8(3)m2a.x
cisco / ios	15.8(3)m4	15.8(3)m4.x
cisco / ios	15.8(3)m5	15.8(3)m5.x
cisco / ios	15.8(3)m6	15.8(3)m6.x
cisco / ios	15.8(3)m7	15.8(3)m7.x
cisco / ios	15.8(3)m8	15.8(3)m8.x
cisco / ios	15.8(3)m9	15.8(3)m9.x
cisco / ios	15.8(3)m10	15.8(3)m10.x
cisco / ios	15.9(3)m	15.9(3)m.x
cisco / ios	15.9(3)m1	15.9(3)m1.x
cisco / ios	15.9(3)m0a	15.9(3)m0a.x
cisco / ios	15.9(3)m2	15.9(3)m2.x
cisco / ios	15.9(3)m3	15.9(3)m3.x
cisco / ios	15.9(3)m2a	15.9(3)m2a.x
cisco / ios	15.9(3)m3a	15.9(3)m3a.x
cisco / ios	15.9(3)m4	15.9(3)m4.x
cisco / ios	15.9(3)m3b	15.9(3)m3b.x
cisco / ios	15.9(3)m5	15.9(3)m5.x
cisco / ios	15.9(3)m4a	15.9(3)m4a.x
cisco / ios	15.9(3)m6	15.9(3)m6.x
cisco / ios	15.9(3)m7	15.9(3)m7.x
cisco / ios	15.9(3)m6a	15.9(3)m6a.x
cisco / ios	15.9(3)m6b	15.9(3)m6b.x
cisco / ios	15.9(3)m7a	15.9(3)m7a.x
cisco / ios	15.3(3)jpi11	15.3(3)jpi11.x
cisco / ios_xe	3.13.6s	3.13.6s.x
cisco / ios_xe	3.14.4s	3.14.4s.x
cisco / ios_xe	3.7.4e	3.7.4e.x
cisco / ios_xe	3.9.0e	3.9.0e.x
cisco / ios_xe	16.2.1	16.2.1.x
cisco / ios_xe	16.1.3	16.1.3.x
cisco / ios_xe	3.4.8sg	3.4.8sg.x
cisco / ios_xe	3.10.8s	3.10.8s.x
cisco / ios_xe	3.13.7as	3.13.7as.x
cisco / ios_xe	3.7.5e	3.7.5e.x
cisco / ios_xe	3.16.4s	3.16.4s.x
cisco / ios_xe	3.16.5s	3.16.5s.x
cisco / ios_xe	3.16.4ds	3.16.4ds.x
cisco / ios_xe	3.16.6s	3.16.6s.x
cisco / ios_xe	3.8.2e	3.8.2e.x
cisco / ios_xe	3.8.3e	3.8.3e.x
cisco / ios_xe	3.8.4e	3.8.4e.x
cisco / ios_xe	16.6.1	16.6.1.x
cisco / ios_xe	3.10.8as	3.10.8as.x
cisco / ios_xe	3.10.9s	3.10.9s.x
cisco / ios_xe	3.13.7s	3.13.7s.x
cisco / ios_xe	3.13.6as	3.13.6as.x
cisco / ios_xe	3.13.8s	3.13.8s.x
cisco / ios_xe	3.13.9s	3.13.9s.x
cisco / ios_xe	3.15.4s	3.15.4s.x
cisco / ios_xe	3.16.3s	3.16.3s.x
cisco / ios_xe	3.16.3as	3.16.3as.x
cisco / ios_xe	3.16.4as	3.16.4as.x
cisco / ios_xe	3.16.4bs	3.16.4bs.x
cisco / ios_xe	3.16.6bs	3.16.6bs.x
cisco / ios_xe	16.2.2	16.2.2.x
cisco / ios_xe	16.3.1	16.3.1.x
cisco / ios_xe	16.3.2	16.3.2.x
cisco / ios_xe	16.3.3	16.3.3.x
cisco / ios_xe	16.3.1a	16.3.1a.x
cisco / ios_xe	16.3.4	16.3.4.x
cisco / ios_xe	16.3.5b	16.3.5b.x
cisco / ios_xe	16.4.1	16.4.1.x
cisco / ios_xe	16.4.2	16.4.2.x
cisco / ios_xe	16.5.1	16.5.1.x
cisco / ios_xe	16.5.1a	16.5.1a.x
cisco / ios_xe	16.5.1b	16.5.1b.x
cisco / ios_xe	3.10.10s	3.10.10s.x
cisco / ios_xe	3.13.10s	3.13.10s.x
cisco / ios_xe	3.16.7s	3.16.7s.x
cisco / ios_xe	3.16.7as	3.16.7as.x
cisco / ios_xe	3.16.7bs	3.16.7bs.x
cisco / ios_xe	3.16.8s	3.16.8s.x
cisco / ios_xe	3.16.10s	3.16.10s.x
cisco / ios_xe	3.8.5e	3.8.5e.x
cisco / ios_xe	3.8.5ae	3.8.5ae.x
cisco / ios_xe	3.8.6e	3.8.6e.x
cisco / ios_xe	3.8.7e	3.8.7e.x
cisco / ios_xe	16.3.5	16.3.5.x
cisco / ios_xe	16.3.6	16.3.6.x
cisco / ios_xe	16.3.7	16.3.7.x
cisco / ios_xe	16.3.8	16.3.8.x
cisco / ios_xe	16.4.3	16.4.3.x
cisco / ios_xe	16.5.2	16.5.2.x
cisco / ios_xe	16.5.3	16.5.3.x
cisco / ios_xe	16.6.2	16.6.2.x
cisco / ios_xe	16.6.3	16.6.3.x
cisco / ios_xe	16.6.4	16.6.4.x
cisco / ios_xe	16.6.5	16.6.5.x
cisco / ios_xe	16.6.4a	16.6.4a.x
cisco / ios_xe	16.7.1	16.7.1.x
cisco / ios_xe	16.7.1a	16.7.1a.x
cisco / ios_xe	16.7.1b	16.7.1b.x
cisco / ios_xe	16.7.2	16.7.2.x
cisco / ios_xe	16.7.3	16.7.3.x
cisco / ios_xe	16.7.4	16.7.4.x
cisco / ios_xe	16.8.1	16.8.1.x
cisco / ios_xe	16.8.1a	16.8.1a.x
cisco / ios_xe	16.8.1b	16.8.1b.x
cisco / ios_xe	16.8.1s	16.8.1s.x
cisco / ios_xe	16.8.1c	16.8.1c.x
cisco / ios_xe	16.8.1d	16.8.1d.x
cisco / ios_xe	16.8.2	16.8.2.x
cisco / ios_xe	16.8.1e	16.8.1e.x
cisco / ios_xe	16.9.1	16.9.1.x
cisco / ios_xe	16.9.2	16.9.2.x
cisco / ios_xe	16.9.1a	16.9.1a.x
cisco / ios_xe	16.9.1b	16.9.1b.x
cisco / ios_xe	16.9.1s	16.9.1s.x
cisco / ios_xe	16.10.1	16.10.1.x
cisco / ios_xe	16.11.1	16.11.1.x
cisco / ios_xe	16.11.1a	16.11.1a.x
cisco / ios_xe	16.12.1	16.12.1.x
cisco / ios_xe	16.12.1c	16.12.1c.x
cisco / ios_xe	17.1.1	17.1.1.x
cisco / ios_xe	3.16.9s	3.16.9s.x
cisco / ios_xe	3.8.8e	3.8.8e.x
cisco / ios_xe	3.8.9e	3.8.9e.x
cisco / ios_xe	3.8.10e	3.8.10e.x
cisco / ios_xe	16.3.9	16.3.9.x
cisco / ios_xe	16.3.10	16.3.10.x
cisco / ios_xe	16.3.11	16.3.11.x
cisco / ios_xe	16.6.5a	16.6.5a.x
cisco / ios_xe	16.6.6	16.6.6.x
cisco / ios_xe	16.6.7	16.6.7.x
cisco / ios_xe	16.6.8	16.6.8.x
cisco / ios_xe	16.6.9	16.6.9.x
cisco / ios_xe	16.6.10	16.6.10.x
cisco / ios_xe	16.8.3	16.8.3.x
cisco / ios_xe	16.9.3	16.9.3.x
cisco / ios_xe	16.9.4	16.9.4.x
cisco / ios_xe	16.9.3a	16.9.3a.x
cisco / ios_xe	16.9.5	16.9.5.x
cisco / ios_xe	16.9.5f	16.9.5f.x
cisco / ios_xe	16.9.6	16.9.6.x
cisco / ios_xe	16.9.7	16.9.7.x
cisco / ios_xe	16.9.8	16.9.8.x
cisco / ios_xe	16.10.1a	16.10.1a.x
cisco / ios_xe	16.10.1b	16.10.1b.x
cisco / ios_xe	16.10.1s	16.10.1s.x
cisco / ios_xe	16.10.1c	16.10.1c.x
cisco / ios_xe	16.10.1e	16.10.1e.x
cisco / ios_xe	16.10.1d	16.10.1d.x
cisco / ios_xe	16.10.2	16.10.2.x
cisco / ios_xe	16.10.1f	16.10.1f.x
cisco / ios_xe	16.10.1g	16.10.1g.x
cisco / ios_xe	16.10.3	16.10.3.x
cisco / ios_xe	16.11.1b	16.11.1b.x
cisco / ios_xe	16.11.2	16.11.2.x
cisco / ios_xe	16.11.1s	16.11.1s.x
cisco / ios_xe	16.12.1s	16.12.1s.x
cisco / ios_xe	16.12.1a	16.12.1a.x
cisco / ios_xe	16.12.1w	16.12.1w.x
cisco / ios_xe	16.12.2	16.12.2.x
cisco / ios_xe	16.12.1y	16.12.1y.x
cisco / ios_xe	16.12.2a	16.12.2a.x
cisco / ios_xe	16.12.3	16.12.3.x
cisco / ios_xe	16.12.8	16.12.8.x
cisco / ios_xe	16.12.2s	16.12.2s.x
cisco / ios_xe	16.12.1x	16.12.1x.x
cisco / ios_xe	16.12.1t	16.12.1t.x
cisco / ios_xe	16.12.4	16.12.4.x
cisco / ios_xe	16.12.3s	16.12.3s.x
cisco / ios_xe	16.12.3a	16.12.3a.x
cisco / ios_xe	16.12.4a	16.12.4a.x
cisco / ios_xe	16.12.5	16.12.5.x
cisco / ios_xe	16.12.6	16.12.6.x
cisco / ios_xe	16.12.1z1	16.12.1z1.x
cisco / ios_xe	16.12.5a	16.12.5a.x
cisco / ios_xe	16.12.5b	16.12.5b.x
cisco / ios_xe	16.12.1z2	16.12.1z2.x
cisco / ios_xe	16.12.6a	16.12.6a.x
cisco / ios_xe	16.12.7	16.12.7.x
cisco / ios_xe	17.1.1a	17.1.1a.x
cisco / ios_xe	17.1.1s	17.1.1s.x
cisco / ios_xe	17.1.1t	17.1.1t.x
cisco / ios_xe	17.1.3	17.1.3.x
cisco / ios_xe	17.2.1	17.2.1.x
cisco / ios_xe	17.2.1r	17.2.1r.x
cisco / ios_xe	17.2.1a	17.2.1a.x
cisco / ios_xe	17.2.1v	17.2.1v.x
cisco / ios_xe	17.2.2	17.2.2.x
cisco / ios_xe	17.2.3	17.2.3.x
cisco / ios_xe	17.3.1	17.3.1.x
cisco / ios_xe	17.3.2	17.3.2.x
cisco / ios_xe	17.3.3	17.3.3.x
cisco / ios_xe	17.3.1a	17.3.1a.x
cisco / ios_xe	17.3.1w	17.3.1w.x
cisco / ios_xe	17.3.2a	17.3.2a.x
cisco / ios_xe	17.3.1x	17.3.1x.x
cisco / ios_xe	17.3.1z	17.3.1z.x
cisco / ios_xe	17.3.4	17.3.4.x
cisco / ios_xe	17.3.5	17.3.5.x
cisco / ios_xe	17.3.4a	17.3.4a.x
cisco / ios_xe	17.3.4b	17.3.4b.x
cisco / ios_xe	17.3.4c	17.3.4c.x
cisco / ios_xe	17.4.1	17.4.1.x
cisco / ios_xe	17.4.2	17.4.2.x
cisco / ios_xe	17.4.1a	17.4.1a.x
cisco / ios_xe	17.4.1b	17.4.1b.x
cisco / ios_xe	17.4.2a	17.4.2a.x
cisco / ios_xe	17.5.1	17.5.1.x
cisco / ios_xe	17.5.1a	17.5.1a.x
cisco / ios_xe	17.6.1	17.6.1.x
cisco / ios_xe	17.6.2	17.6.2.x
cisco / ios_xe	17.6.1w	17.6.1w.x
cisco / ios_xe	17.6.1a	17.6.1a.x
cisco / ios_xe	17.6.3	17.6.3.x
cisco / ios_xe	17.6.3a	17.6.3a.x
cisco / ios_xe	17.7.1	17.7.1.x
cisco / ios_xe	17.9.1	17.9.1.x
cisco / ios_xe	16.12.9	16.12.9.x
cisco / ios_xe	17.3.6	17.3.6.x
cisco / ios_xe	17.3.5a	17.3.5a.x
cisco / ios_xe	17.3.5b	17.3.5b.x
cisco / ios_xe	17.3.7	17.3.7.x
cisco / ios_xe	17.6.1x	17.6.1x.x
cisco / ios_xe	17.6.1y	17.6.1y.x
cisco / ios_xe	17.6.1z	17.6.1z.x
cisco / ios_xe	17.6.4	17.6.4.x
cisco / ios_xe	17.6.1z1	17.6.1z1.x
cisco / ios_xe	17.6.5	17.6.5.x
cisco / ios_xe	17.6.5a	17.6.5a.x
cisco / ios_xe	17.7.1a	17.7.1a.x
cisco / ios_xe	17.7.1b	17.7.1b.x
cisco / ios_xe	17.7.2	17.7.2.x
cisco / ios_xe	17.10.1	17.10.1.x
cisco / ios_xe	17.10.1a	17.10.1a.x
cisco / ios_xe	17.10.1b	17.10.1b.x
cisco / ios_xe	17.8.1	17.8.1.x
cisco / ios_xe	17.8.1a	17.8.1a.x
cisco / ios_xe	17.9.1w	17.9.1w.x
cisco / ios_xe	17.9.2	17.9.2.x
cisco / ios_xe	17.9.1a	17.9.1a.x
cisco / ios_xe	17.9.1x	17.9.1x.x
cisco / ios_xe	17.9.1y	17.9.1y.x
cisco / ios_xe	17.9.3	17.9.3.x
cisco / ios_xe	17.9.2a	17.9.2a.x
cisco / ios_xe	17.9.1x1	17.9.1x1.x
cisco / ios_xe	17.9.3a	17.9.3a.x
cisco / ios_xe	17.11.1	17.11.1.x
cisco / ios_xe	17.11.1a	17.11.1a.x
cisco / ios_xe	17.11.99sw	17.11.99sw.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz

Vulnerability Database

CVE-2024-20307