Cyber Resilience

CVE-2024-20276

High

Published: 27 March 2024

Modified: 05 August 2025
CVSS Score v3.1: 7.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0010 (27.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-20276 is a high-severity Uncaught Exception (CWE-248) vulnerability in Cisco IOS. Its CVSS base score is 7.4 (High).

Operationally, it is ranked at the 27.9th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

Vulnerability details

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

CWE(s)

CWE-248 (Uncaught Exception)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: cisco
Product: ios
Versions: 15.5(1)sy10, 15.5(1)sy11, 15.5(1)sy5, 15.5(1)sy6, 15.5(1)sy7

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-248

Prevents abrupt termination from uncaught exceptions by requiring a defined, preserved-state failure mode.

addresses: CWE-248

Requires pre-defined safe responses for uncaught exceptions so they do not result in undefined or insecure program termination.
