CVE-2024-20436

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device.

Published: Sep 25, 2024
Updated: May 4, 2025
CVE: CVE-2024-20436
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	3.13.2s	3.13.2s.x
cisco / ios_xe	3.10.6s	3.10.6s.x
cisco / ios_xe	3.13.6s	3.13.6s.x
cisco / ios_xe	3.14.4s	3.14.4s.x
cisco / ios_xe	3.15.1cs	3.15.1cs.x
cisco / ios_xe	3.13.4s	3.13.4s.x
cisco / ios_xe	16.2.1	16.2.1.x
cisco / ios_xe	3.13.0s	3.13.0s.x
cisco / ios_xe	3.17.3s	3.17.3s.x
cisco / ios_xe	3.16.0s	3.16.0s.x
cisco / ios_xe	3.14.1s	3.14.1s.x
cisco / ios_xe	3.12.2s	3.12.2s.x
cisco / ios_xe	3.10.5s	3.10.5s.x
cisco / ios_xe	3.10.8s	3.10.8s.x
cisco / ios_xe	3.9.0as	3.9.0as.x
cisco / ios_xe	3.10.1s	3.10.1s.x
cisco / ios_xe	3.10.2s	3.10.2s.x
cisco / ios_xe	3.18.2asp	3.18.2asp.x
cisco / ios_xe	3.16.2s	3.16.2s.x
cisco / ios_xe	3.9.2s	3.9.2s.x
cisco / ios_xe	3.16.0cs	3.16.0cs.x
cisco / ios_xe	3.13.5s	3.13.5s.x
cisco / ios_xe	3.11.2s	3.11.2s.x
cisco / ios_xe	3.15.0s	3.15.0s.x
cisco / ios_xe	3.14.3s	3.14.3s.x
cisco / ios_xe	16.6.1	16.6.1.x
cisco / ios_xe	3.17.4s	3.17.4s.x
cisco / ios_xe	3.17.2s	3.17.2s.x
cisco / ios_xe	3.11.3s	3.11.3s.x
cisco / ios_xe	3.15.3s	3.15.3s.x
cisco / ios_xe	3.10.2ts	3.10.2ts.x
cisco / ios_xe	3.10.3s	3.10.3s.x
cisco / ios_xe	3.16.6s	3.16.6s.x
cisco / ios_xe	3.14.0s	3.14.0s.x
cisco / ios_xe	3.16.5s	3.16.5s.x
cisco / ios_xe	3.10.7s	3.10.7s.x
cisco / ios_xe	3.11.0s	3.11.0s.x
cisco / ios_xe	3.9.1s	3.9.1s.x
cisco / ios_xe	3.15.1s	3.15.1s.x
cisco / ios_xe	3.10.0s	3.10.0s.x
cisco / ios_xe	3.17.0s	3.17.0s.x
cisco / ios_xe	3.16.4ds	3.16.4ds.x
cisco / ios_xe	3.16.3s	3.16.3s.x
cisco / ios_xe	3.17.1s	3.17.1s.x
cisco / ios_xe	3.15.2s	3.15.2s.x
cisco / ios_xe	3.10.8as	3.10.8as.x
cisco / ios_xe	16.4.1	16.4.1.x
cisco / ios_xe	3.14.2s	3.14.2s.x
cisco / ios_xe	3.15.4s	3.15.4s.x
cisco / ios_xe	3.16.1as	3.16.1as.x
cisco / ios_xe	3.12.0s	3.12.0s.x
cisco / ios_xe	3.12.1s	3.12.1s.x
cisco / ios_xe	3.12.4s	3.12.4s.x
cisco / ios_xe	16.2.2	16.2.2.x
cisco / ios_xe	3.16.4as	3.16.4as.x
cisco / ios_xe	3.13.3s	3.13.3s.x
cisco / ios_xe	3.13.6as	3.13.6as.x
cisco / ios_xe	3.16.4bs	3.16.4bs.x
cisco / ios_xe	3.11.4s	3.11.4s.x
cisco / ios_xe	3.12.3s	3.12.3s.x
cisco / ios_xe	16.3.1	16.3.1.x
cisco / ios_xe	3.13.1s	3.13.1s.x
cisco / ios_xe	3.10.4s	3.10.4s.x
cisco / ios_xe	3.11.1s	3.11.1s.x
cisco / ios_xe	3.13.8s	3.13.8s.x
cisco / ios_xe	16.3.1a	16.3.1a.x
cisco / ios_xe	16.3.2	16.3.2.x
cisco / ios_xe	16.3.3	16.3.3.x
cisco / ios_xe	3.16.6bs	3.16.6bs.x
cisco / ios_xe	16.5.1	16.5.1.x
cisco / ios_xe	3.13.7s	3.13.7s.x
cisco / ios_xe	3.10.9s	3.10.9s.x
cisco / ios_xe	16.3.4	16.3.4.x
cisco / ios_xe	16.5.1b	16.5.1b.x
cisco / ios_xe	16.4.2	16.4.2.x
cisco / ios_xe	3.13.9s	3.13.9s.x
cisco / ios_xe	16.3.6	16.3.6.x
cisco / ios_xe	16.6.3	16.6.3.x
cisco / ios_xe	16.8.1	16.8.1.x
cisco / ios_xe	16.7.1	16.7.1.x
cisco / ios_xe	16.6.2	16.6.2.x
cisco / ios_xe	16.9.1	16.9.1.x
cisco / ios_xe	16.3.5	16.3.5.x
cisco / ios_xe	16.5.2	16.5.2.x
cisco / ios_xe	16.8.1s	16.8.1s.x
cisco / ios_xe	16.8.2	16.8.2.x
cisco / ios_xe	16.7.2	16.7.2.x
cisco / ios_xe	16.7.3	16.7.3.x
cisco / ios_xe	16.4.3	16.4.3.x
cisco / ios_xe	16.9.1s	16.9.1s.x
cisco / ios_xe	3.16.7as	3.16.7as.x
cisco / ios_xe	3.16.7s	3.16.7s.x
cisco / ios_xe	3.16.7bs	3.16.7bs.x
cisco / ios_xe	16.5.3	16.5.3.x
cisco / ios_xe	16.3.7	16.3.7.x
cisco / ios_xe	16.3.8	16.3.8.x
cisco / ios_xe	3.13.10s	3.13.10s.x
cisco / ios_xe	3.10.10s	3.10.10s.x
cisco / ios_xe	16.6.4	16.6.4.x
cisco / ios_xe	3.16.8s	3.16.8s.x
cisco / ios_xe	16.10.1	16.10.1.x
cisco / ios_xe	16.9.2	16.9.2.x
cisco / ios_xe	3.16.10s	3.16.10s.x
cisco / ios_xe	16.12.1	16.12.1.x
cisco / ios_xe	16.6.5	16.6.5.x
cisco / ios_xe	16.11.1	16.11.1.x
cisco / ios_xe	17.1.1	17.1.1.x
cisco / ios_xe	16.11.1a	16.11.1a.x
cisco / ios_xe	16.12.1c	16.12.1c.x
cisco / ios_xe	16.11.2	16.11.2.x
cisco / ios_xe	16.12.1s	16.12.1s.x
cisco / ios_xe	16.12.1a	16.12.1a.x
cisco / ios_xe	16.11.1b	16.11.1b.x
cisco / ios_xe	16.11.1s	16.11.1s.x
cisco / ios_xe	16.10.1s	16.10.1s.x
cisco / ios_xe	3.16.9s	3.16.9s.x
cisco / ios_xe	16.6.6	16.6.6.x
cisco / ios_xe	16.3.9	16.3.9.x
cisco / ios_xe	16.10.1a	16.10.1a.x
cisco / ios_xe	16.10.2	16.10.2.x
cisco / ios_xe	16.9.3	16.9.3.x
cisco / ios_xe	16.10.1e	16.10.1e.x
cisco / ios_xe	16.10.1b	16.10.1b.x
cisco / ios_xe	16.8.3	16.8.3.x
cisco / ios_xe	16.9.4	16.9.4.x
cisco / ios_xe	16.12.2	16.12.2.x
cisco / ios_xe	16.6.7	16.6.7.x
cisco / ios_xe	16.10.3	16.10.3.x
cisco / ios_xe	16.12.4	16.12.4.x
cisco / ios_xe	16.12.8	16.12.8.x
cisco / ios_xe	16.3.10	16.3.10.x
cisco / ios_xe	16.9.5	16.9.5.x
cisco / ios_xe	16.6.8	16.6.8.x
cisco / ios_xe	16.12.3	16.12.3.x
cisco / ios_xe	17.2.1	17.2.1.x
cisco / ios_xe	17.4.1	17.4.1.x
cisco / ios_xe	16.6.9	16.6.9.x
cisco / ios_xe	17.1.1s	17.1.1s.x
cisco / ios_xe	16.12.2s	16.12.2s.x
cisco / ios_xe	17.1.1t	17.1.1t.x
cisco / ios_xe	16.3.11	16.3.11.x
cisco / ios_xe	17.2.1v	17.2.1v.x
cisco / ios_xe	16.12.3s	16.12.3s.x
cisco / ios_xe	17.2.1r	17.2.1r.x
cisco / ios_xe	16.12.4a	16.12.4a.x
cisco / ios_xe	17.1.3	17.1.3.x
cisco / ios_xe	17.2.2	17.2.2.x
cisco / ios_xe	17.3.1	17.3.1.x
cisco / ios_xe	17.4.1a	17.4.1a.x
cisco / ios_xe	17.3.2	17.3.2.x
cisco / ios_xe	17.4.1b	17.4.1b.x
cisco / ios_xe	17.3.1a	17.3.1a.x
cisco / ios_xe	17.2.3	17.2.3.x
cisco / ios_xe	16.9.6	16.9.6.x
cisco / ios_xe	16.12.5	16.12.5.x
cisco / ios_xe	17.5.1	17.5.1.x
cisco / ios_xe	17.3.3	17.3.3.x
cisco / ios_xe	16.9.7	16.9.7.x
cisco / ios_xe	17.5.1a	17.5.1a.x
cisco / ios_xe	17.6.1	17.6.1.x
cisco / ios_xe	17.3.4a	17.3.4a.x
cisco / ios_xe	17.4.2	17.4.2.x
cisco / ios_xe	17.6.1a	17.6.1a.x
cisco / ios_xe	16.6.10	16.6.10.x
cisco / ios_xe	16.9.8	16.9.8.x
cisco / ios_xe	17.3.4	17.3.4.x
cisco / ios_xe	16.12.6	16.12.6.x
cisco / ios_xe	17.6.3	17.6.3.x
cisco / ios_xe	17.9.1	17.9.1.x
cisco / ios_xe	16.12.7	16.12.7.x
cisco / ios_xe	17.3.5	17.3.5.x
cisco / ios_xe	17.6.2	17.6.2.x
cisco / ios_xe	17.6.3a	17.6.3a.x
cisco / ios_xe	17.7.1	17.7.1.x
cisco / ios_xe	17.7.1a	17.7.1a.x
cisco / ios_xe	17.7.2	17.7.2.x
cisco / ios_xe	17.8.1	17.8.1.x
cisco / ios_xe	17.8.1a	17.8.1a.x
cisco / ios_xe	17.11.1	17.11.1.x
cisco / ios_xe	17.10.1	17.10.1.x
cisco / ios_xe	17.3.6	17.3.6.x
cisco / ios_xe	17.6.4	17.6.4.x
cisco / ios_xe	17.9.1a	17.9.1a.x
cisco / ios_xe	17.3.7	17.3.7.x
cisco / ios_xe	17.6.5	17.6.5.x
cisco / ios_xe	17.10.1a	17.10.1a.x
cisco / ios_xe	17.10.1b	17.10.1b.x
cisco / ios_xe	17.9.2	17.9.2.x
cisco / ios_xe	17.9.3	17.9.3.x
cisco / ios_xe	17.9.2a	17.9.2a.x
cisco / ios_xe	17.9.3a	17.9.3a.x
cisco / ios_xe	17.11.1a	17.11.1a.x
cisco / ios_xe	17.6.5a	17.6.5a.x
cisco / ios_xe	17.12.1a	17.12.1a.x
cisco / ios_xe	17.12.1	17.12.1.x
cisco / ios_xe	17.9.4a	17.9.4a.x
cisco / ios_xe	17.9.4	17.9.4.x
cisco / ios_xe	17.6.6a	17.6.6a.x
cisco / ios_xe	17.6.6	17.6.6.x
cisco / ios_xe	17.3.8a	17.3.8a.x
cisco / ios_xe	17.3.8	17.3.8.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut

Vulnerability Database

289,598

CVE-2024-20436