CVE-2024-20313

A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Published: Apr 24, 2024
Updated: May 1, 2024
CVE: CVE-2024-20313
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	17.5.1	17.5.1.x
cisco / ios_xe	17.5.1a	17.5.1a.x
cisco / ios_xe	17.6.1	17.6.1.x
cisco / ios_xe	17.6.1a	17.6.1a.x
cisco / ios_xe	17.6.1w	17.6.1w.x
cisco / ios_xe	17.6.3	17.6.3.x
cisco / ios_xe	17.9.1	17.9.1.x
cisco / ios_xe	17.6.2	17.6.2.x
cisco / ios_xe	17.6.3a	17.6.3a.x
cisco / ios_xe	17.7.1	17.7.1.x
cisco / ios_xe	17.7.1a	17.7.1a.x
cisco / ios_xe	17.7.2	17.7.2.x
cisco / ios_xe	17.8.1	17.8.1.x
cisco / ios_xe	17.8.1a	17.8.1a.x
cisco / ios_xe	17.11.1	17.11.1.x
cisco / ios_xe	17.10.1	17.10.1.x
cisco / ios_xe	17.6.4	17.6.4.x
cisco / ios_xe	17.9.1a	17.9.1a.x
cisco / ios_xe	17.9.1w	17.9.1w.x
cisco / ios_xe	17.6.1x	17.6.1x.x
cisco / ios_xe	17.6.1y	17.6.1y.x
cisco / ios_xe	17.6.1z	17.6.1z.x
cisco / ios_xe	17.6.1z1	17.6.1z1.x
cisco / ios_xe	17.6.5	17.6.5.x
cisco / ios_xe	17.7.1b	17.7.1b.x
cisco / ios_xe	17.10.1a	17.10.1a.x
cisco / ios_xe	17.10.1b	17.10.1b.x
cisco / ios_xe	17.9.2	17.9.2.x
cisco / ios_xe	17.9.1x	17.9.1x.x
cisco / ios_xe	17.9.1y	17.9.1y.x
cisco / ios_xe	17.9.3	17.9.3.x
cisco / ios_xe	17.9.2a	17.9.2a.x
cisco / ios_xe	17.9.1x1	17.9.1x1.x
cisco / ios_xe	17.9.3a	17.9.3a.x
cisco / ios_xe	17.9.1y1	17.9.1y1.x
cisco / ios_xe	17.11.1a	17.11.1a.x
cisco / ios_xe	17.11.99sw	17.11.99sw.x
cisco / ios_xe	17.6.5a	17.6.5a.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp

Vulnerability Database

289,599

CVE-2024-20313