All the vulnerabilites related to Cisco - Cisco IOS XE Catalyst SD-WAN
cve-2024-20373
Vulnerability from cvelistv5
Published
2024-11-15 14:52
Modified
2024-11-15 16:20
Severity ?
EPSS score ?
Summary
Cisco IOS and Cisco IOS XE SNMP Extended ACL Bypass Vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | Cisco IOS XE Catalyst SD-WAN |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.3a:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.3b:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.10.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.11.1a:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.11.1b:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.11.1d:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.11.1f:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.11.1s:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.12.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.12.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.12.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:ios_xe_catalyst_sd-wan:16.9.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xe_catalyst_sd-wan",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "16.10.3a"
},
{
"status": "affected",
"version": "16.10.3b"
},
{
"status": "affected",
"version": "16.10.4"
},
{
"status": "affected",
"version": "16.10.5"
},
{
"status": "affected",
"version": "16.10.6"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.1d"
},
{
"status": "affected",
"version": "16.11.1f"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.9.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:20:19.710967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:20:59.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XE Catalyst SD-WAN",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.10.6"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.10.4"
},
{
"status": "affected",
"version": "16.10.5"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "16.10.3a"
},
{
"status": "affected",
"version": "16.10.3b"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.11.1f"
},
{
"status": "affected",
"version": "16.9.4"
},
{
"status": "affected",
"version": "16.9.3"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.11.1d"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.\u0026nbsp;\r\n\r\nThis vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials.\r\nSNMP with IPv6 ACL configurations is not affected.\r\nFor more information, see the section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T14:52:34.137Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-snmp-uwBXfqww",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww"
}
],
"source": {
"advisory": "cisco-sa-snmp-uwBXfqww",
"defects": [
"CSCwe24431"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS and Cisco IOS XE SNMP Extended ACL Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20373",
"datePublished": "2024-11-15T14:52:34.137Z",
"dateReserved": "2023-11-08T15:08:07.654Z",
"dateUpdated": "2024-11-15T16:20:59.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-20655
Vulnerability from cvelistv5
Published
2024-11-15 15:56
Modified
2024-11-15 21:00
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "7.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_topology_system",
"vendor": "cisco",
"versions": [
{
"lessThan": "2.6.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"lessThan": "4.3.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.4.5.6",
"status": "affected",
"version": "4.4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.5.7",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.1.7",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.7.1",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "5.1.0.1",
"status": "affected",
"version": "5.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_nfv_infrastructure_software",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.12.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "catalyst_sd-wan_manager",
"vendor": "cisco",
"versions": [
{
"lessThan": "18.4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ios_xe_catalyst_sd-wan:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xe_catalyst_sd-wan",
"vendor": "cisco",
"versions": [
{
"lessThan": "16.10.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "16.12.1b",
"status": "affected",
"version": "16.12.0",
"versionType": "custom"
},
{
"lessThan": "17.2.1r",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:sd-wan_vedge_router:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd-wan_vedge_router",
"vendor": "cisco",
"versions": [
{
"lessThan": "18.4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "19.2.1",
"status": "affected",
"version": "19.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:carrier_packet_transport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "carrier_packet_transport",
"vendor": "cisco",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T19:43:18.170598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T21:00:58.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Virtual Topology System (VTS)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Catalyst SD-WAN",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco IOS XE Catalyst SD-WAN",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco SD-WAN vEdge Router",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Ultra Gateway Platform",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Carrier Packet Transport",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "9.2.2"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.3.4"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.3"
},
{
"status": "affected",
"version": "2.0.4"
},
{
"status": "affected",
"version": "2.0.5"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "2.2.3"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.1.1"
},
{
"status": "affected",
"version": "1.1.2"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "9.8.1"
},
{
"status": "affected",
"version": "9.8.0"
},
{
"status": "affected",
"version": "4.1.82"
},
{
"status": "affected",
"version": "4.1.4"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.0.4"
},
{
"status": "affected",
"version": "4.0.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.0.7"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "9.5.0"
},
{
"status": "affected",
"version": "9.5.3"
},
{
"status": "affected",
"version": "9.5.1"
},
{
"status": "affected",
"version": "9.5.2"
},
{
"status": "affected",
"version": "9.7.0"
},
{
"status": "affected",
"version": "9.521"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.\r\n The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:56:42.927Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cli-cmdinj-4MttWZPB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB"
},
{
"name": "cisco-sa-confdcli-cmdinj-wybQDSSh",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh"
}
],
"source": {
"advisory": "cisco-sa-cli-cmdinj-4MttWZPB",
"defects": [
"CSCvq22323",
"CSCvq58164",
"CSCvq58224",
"CSCvq58168",
"CSCvq58183",
"CSCvq58226",
"CSCvz49669",
"CSCvq58204",
"CSCvm76596"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20655",
"datePublished": "2024-11-15T15:56:42.927Z",
"dateReserved": "2021-11-02T13:28:29.037Z",
"dateUpdated": "2024-11-15T21:00:58.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20455
Vulnerability from cvelistv5
Published
2024-09-25 16:18
Modified
2024-09-25 19:47
Severity ?
EPSS score ?
Summary
A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | Cisco IOS XE Software | |
| Cisco | Cisco IOS XE Catalyst SD-WAN |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xe",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.11.99sw"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ios_xe_catalyst_sd-wan:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xe_catalyst_sd-wan",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.13.1a"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:29:31.898015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:47:05.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.11.99SW"
}
]
},
{
"product": "Cisco IOS XE Catalyst SD-WAN",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.13.1a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\n\r Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-371",
"description": "State Issues",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:27:24.944Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-utd-dos-hDATqxs",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs"
}
],
"source": {
"advisory": "cisco-sa-sdwan-utd-dos-hDATqxs",
"defects": [
"CSCwi07137"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20455",
"datePublished": "2024-09-25T16:18:50.066Z",
"dateReserved": "2023-11-08T15:08:07.679Z",
"dateUpdated": "2024-09-25T19:47:05.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}