CVE-2024-20467
Published: 25 September 2024
Summary
CVE-2024-20467 is a high-severity an unspecified weakness vulnerability in Cisco Ios Xe. Its CVSS base score is 8.6 (High).
Operationally, ranked in the top 5.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A vulnerability in the IPv4 fragmentation reassembly implementation within Cisco IOS XE Software can trigger a denial of service condition on affected devices. The flaw stems from improper resource management during fragment reassembly and is limited to Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers running release 17.12.1 or 17.12.1a. It carries a CVSS score of 8.6 and is tracked under CWE-399.
An unauthenticated remote attacker can exploit the issue by sending crafted fragmented IPv4 packets to an affected device or across any Virtual Fragmentation Reassembly-enabled interface. Successful exploitation forces the device to reload, producing a denial-of-service condition with no requirement for authentication or user interaction.
The official Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO provides mitigation guidance and software updates for the affected platforms.
EPSS for this CVE rose from a low baseline to a peak of 0.2124 before settling at a current value of 0.1410, indicating measurable post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-18182
Vulnerability details
A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper…
more
management of resources during fragment reassembly. An attacker could exploit this vulnerability by sending specific sizes of fragmented packets to an affected device or through a Virtual Fragmentation Reassembly (VFR)-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: This vulnerability affects Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers if they are running Cisco IOS XE Software Release 17.12.1 or 17.12.1a.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.