Action not permitted
Modal body text goes here.
wid-sec-w-2024-0745
Vulnerability from csaf_certbund
Published
2024-03-27 23:00
Modified
2024-03-27 23:00
Summary
Cisco IOS XE: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das für Cisco Geräte wie z. B. Router und Switches eingesetzt wird.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Cisco IOS XE ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsvorkehrungen zu umgehen, seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- CISCO Appliance
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das f\u00fcr Cisco Ger\u00e4te wie z. B. Router und Switches eingesetzt wird.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Cisco IOS XE ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, seine Privilegien zu erweitern oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- CISCO Appliance", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0745 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0745.json" }, { "category": "self", "summary": "WID-SEC-2024-0745 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0745" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-seAx6NLX" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-utd-cmd-JbL8KvHT" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-privesc-RjSMrmPK" }, { "category": "external", "summary": "Cisco Security Advisory vom 2024-03-27", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf" } ], "source_lang": "en-US", "title": "Cisco IOS XE: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-03-27T23:00:00.000+00:00", "generator": { "date": "2024-03-28T12:25:54.077+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0745", "initial_release_date": "2024-03-27T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-27T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Cisco IOS XE", "product": { "name": "Cisco IOS XE", "product_id": "T033777", "product_identification_helper": { "cpe": "cpe:/o:cisco:ios_xe:-" } } } ], "category": "vendor", "name": "Cisco" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-20306", "notes": [ { "category": "description", "text": "In Cisco IOS XE existiert eine Schwachstelle. Diese ist auf eine unzureichende Validierung von Nutzereingaben zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20306" }, { "cve": "CVE-2024-20303", "notes": [ { "category": "description", "text": "In Cisco IOS XE existieren mehrere Schwachstellen. Diese sind auf Fehler beim Umgang mit IPv4 Traffic, Umgang mit eingehendem Traffic, Fehler beim Management von mDNS Eintr\u00e4gen sowie Fehler bei der Validierung von OSPF Updates. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20303" }, { "cve": "CVE-2024-20309", "notes": [ { "category": "description", "text": "In Cisco IOS XE existieren mehrere Schwachstellen. Diese sind auf Fehler beim Umgang mit IPv4 Traffic, Umgang mit eingehendem Traffic, Fehler beim Management von mDNS Eintr\u00e4gen sowie Fehler bei der Validierung von OSPF Updates. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20309" }, { "cve": "CVE-2024-20313", "notes": [ { "category": "description", "text": "In Cisco IOS XE existieren mehrere Schwachstellen. Diese sind auf Fehler beim Umgang mit IPv4 Traffic, Umgang mit eingehendem Traffic, Fehler beim Management von mDNS Eintr\u00e4gen sowie Fehler bei der Validierung von OSPF Updates. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20313" }, { "cve": "CVE-2024-20314", "notes": [ { "category": "description", "text": "In Cisco IOS XE existieren mehrere Schwachstellen. Diese sind auf Fehler beim Umgang mit IPv4 Traffic, Umgang mit eingehendem Traffic, Fehler beim Management von mDNS Eintr\u00e4gen sowie Fehler bei der Validierung von OSPF Updates. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20314" }, { "cve": "CVE-2024-20278", "notes": [ { "category": "description", "text": "In Cisco IOS XE existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Kontrolle von Privilegien und Nutzereingaben zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20278" }, { "cve": "CVE-2024-20324", "notes": [ { "category": "description", "text": "In Cisco IOS XE existieren mehrere Schwachstellen. Diese sind auf Fehler bei der Kontrolle von Privilegien und Nutzereingaben zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20324" }, { "cve": "CVE-2024-20316", "notes": [ { "category": "description", "text": "In Cisco IOS XE existiert eine Schwachstelle. Diese besteht aufgrund einem Fehler beim Umgang mit Error-Bedingungen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T033777" ] }, "release_date": "2024-03-27T23:00:00Z", "title": "CVE-2024-20316" } ] }
cve-2024-20309
Vulnerability from cvelistv5
Published
2024-03-27 17:02
Modified
2024-08-09 18:34
Severity ?
EPSS score ?
Summary
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.
This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.337Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-aux-333WBz8f", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-20309", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-09T18:34:11.134133Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-09T18:34:29.824Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "3.7.0S" }, { "status": "affected", "version": "3.7.1S" }, { "status": "affected", "version": "3.7.2S" }, { "status": "affected", "version": "3.7.3S" }, { "status": "affected", "version": "3.7.4S" }, { "status": "affected", "version": "3.7.5S" }, { "status": "affected", "version": "3.7.6S" }, { "status": "affected", "version": "3.7.7S" }, { "status": "affected", "version": "3.7.4aS" }, { "status": "affected", "version": "3.7.2tS" }, { "status": "affected", "version": "3.7.0bS" }, { "status": "affected", "version": "3.7.1aS" }, { "status": "affected", "version": "3.8.0S" }, { "status": "affected", "version": "3.8.1S" }, { "status": "affected", "version": "3.8.2S" }, { "status": "affected", "version": "3.9.1S" }, { "status": "affected", "version": "3.9.0S" }, { "status": "affected", "version": "3.9.2S" }, { "status": "affected", "version": "3.9.1aS" }, { "status": "affected", "version": "3.9.0aS" }, { "status": "affected", "version": "3.2.0SE" }, { "status": "affected", "version": "3.2.1SE" }, { "status": "affected", "version": "3.2.2SE" }, { "status": "affected", "version": "3.2.3SE" }, { "status": "affected", "version": "3.3.0SE" }, { "status": "affected", "version": "3.3.1SE" }, { "status": "affected", "version": "3.3.2SE" }, { "status": "affected", "version": "3.3.3SE" }, { "status": "affected", "version": "3.3.4SE" }, { "status": "affected", "version": "3.3.5SE" }, { "status": "affected", "version": "3.10.0S" }, { "status": "affected", "version": "3.10.1S" }, { "status": "affected", "version": "3.10.2S" }, { "status": "affected", "version": "3.10.3S" }, { "status": "affected", "version": "3.10.4S" }, { "status": "affected", "version": "3.10.5S" }, { "status": "affected", "version": "3.10.6S" }, { "status": "affected", "version": "3.10.2tS" }, { "status": "affected", "version": "3.10.7S" }, { "status": "affected", "version": "3.10.1xbS" }, { "status": "affected", "version": "3.10.8S" }, { "status": "affected", "version": "3.10.8aS" }, { "status": "affected", "version": "3.10.9S" }, { "status": "affected", "version": "3.10.10S" }, { "status": "affected", "version": "3.11.1S" }, { "status": "affected", "version": "3.11.2S" }, { "status": "affected", "version": "3.11.0S" }, { "status": "affected", "version": "3.11.3S" }, { "status": "affected", "version": "3.11.4S" }, { "status": "affected", "version": "3.12.0S" }, { "status": "affected", "version": "3.12.1S" }, { "status": "affected", "version": "3.12.2S" }, { "status": "affected", "version": "3.12.3S" }, { "status": "affected", "version": "3.12.0aS" }, { "status": "affected", "version": "3.12.4S" }, { "status": "affected", "version": "3.13.0S" }, { "status": "affected", "version": "3.13.1S" }, { "status": "affected", "version": "3.13.2S" }, { "status": "affected", "version": "3.13.3S" }, { "status": "affected", "version": "3.13.4S" }, { "status": "affected", "version": "3.13.5S" }, { "status": "affected", "version": "3.13.2aS" }, { "status": "affected", "version": "3.13.0aS" }, { "status": "affected", "version": "3.13.5aS" }, { "status": "affected", "version": "3.13.6S" }, { "status": "affected", "version": "3.13.7S" }, { "status": "affected", "version": "3.13.6aS" }, { "status": "affected", "version": "3.13.7aS" }, { "status": "affected", "version": "3.13.8S" }, { "status": "affected", "version": "3.13.9S" }, { "status": "affected", "version": "3.13.10S" }, { "status": "affected", "version": "3.6.2aE" }, { "status": "affected", "version": "3.6.2E" }, { "status": "affected", "version": "3.6.5bE" }, { "status": "affected", "version": "3.6.7bE" }, { "status": "affected", "version": "3.6.9E" }, { "status": "affected", "version": "3.6.10E" }, { "status": "affected", "version": "3.14.0S" }, { "status": "affected", "version": "3.14.1S" }, { "status": "affected", "version": "3.14.2S" }, { "status": "affected", "version": "3.14.3S" }, { "status": "affected", "version": "3.14.4S" }, { "status": "affected", "version": "3.15.0S" }, { "status": "affected", "version": "3.15.1S" }, { "status": "affected", "version": "3.15.2S" }, { "status": "affected", "version": "3.15.1cS" }, { "status": "affected", "version": "3.15.3S" }, { "status": "affected", "version": "3.15.4S" }, { "status": "affected", "version": "3.3.0SQ" }, { "status": "affected", "version": "3.3.1SQ" }, { "status": "affected", "version": "3.4.0SQ" }, { "status": "affected", "version": "3.4.1SQ" }, { "status": "affected", "version": "3.5.0SQ" }, { "status": "affected", "version": "3.5.1SQ" }, { "status": "affected", "version": "3.5.2SQ" }, { "status": "affected", "version": "3.5.3SQ" }, { "status": "affected", "version": "3.5.4SQ" }, { "status": "affected", "version": "3.5.5SQ" }, { "status": "affected", "version": "3.5.6SQ" }, { "status": "affected", "version": "3.5.7SQ" }, { "status": "affected", "version": "3.5.8SQ" }, { "status": "affected", "version": "3.16.0S" }, { "status": "affected", "version": "3.16.1S" }, { "status": "affected", "version": "3.16.1aS" }, { "status": "affected", "version": "3.16.2S" }, { "status": "affected", "version": "3.16.2aS" }, { "status": "affected", "version": "3.16.0cS" }, { "status": "affected", "version": "3.16.3S" }, { "status": "affected", "version": "3.16.2bS" }, { "status": "affected", "version": "3.16.3aS" }, { "status": "affected", "version": "3.16.4S" }, { "status": "affected", "version": "3.16.4aS" }, { "status": "affected", "version": "3.16.4bS" }, { "status": "affected", "version": "3.16.5S" }, { "status": "affected", "version": "3.16.4dS" }, { "status": "affected", "version": "3.16.6S" }, { "status": "affected", "version": "3.16.7S" }, { "status": "affected", "version": "3.16.6bS" }, { "status": "affected", "version": "3.16.7aS" }, { "status": "affected", "version": "3.16.7bS" }, { "status": "affected", "version": "3.16.8S" }, { "status": "affected", "version": "3.16.9S" }, { "status": "affected", "version": "3.16.10S" }, { "status": "affected", "version": "3.17.0S" }, { "status": "affected", "version": "3.17.1S" }, { "status": "affected", "version": "3.17.2S" }, { "status": "affected", "version": "3.17.1aS" }, { "status": "affected", "version": "3.17.3S" }, { "status": "affected", "version": "3.17.4S" }, { "status": "affected", "version": "16.1.1" }, { "status": "affected", "version": "16.1.2" }, { "status": "affected", "version": "16.1.3" }, { "status": "affected", "version": "16.2.1" }, { "status": "affected", "version": "16.2.2" }, { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "3.18.0aS" }, { "status": "affected", "version": "3.18.0S" }, { "status": "affected", "version": "3.18.1S" }, { "status": "affected", "version": "3.18.2S" }, { "status": "affected", "version": "3.18.3S" }, { "status": "affected", "version": "3.18.4S" }, { "status": "affected", "version": "3.18.0SP" }, { "status": "affected", "version": "3.18.1SP" }, { "status": "affected", "version": "3.18.1aSP" }, { "status": "affected", "version": "3.18.1bSP" }, { "status": "affected", "version": "3.18.1cSP" }, { "status": "affected", "version": "3.18.2SP" }, { "status": "affected", "version": "3.18.2aSP" }, { "status": "affected", "version": "3.18.3SP" }, { "status": "affected", "version": "3.18.4SP" }, { "status": "affected", "version": "3.18.3aSP" }, { "status": "affected", "version": "3.18.3bSP" }, { "status": "affected", "version": "3.18.5SP" }, { "status": "affected", "version": "3.18.6SP" }, { "status": "affected", "version": "3.18.7SP" }, { "status": "affected", "version": "3.18.8aSP" }, { "status": "affected", "version": "3.18.9SP" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.1a" }, { "status": "affected", "version": "16.7.1b" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.7.4" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.1d" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.1e" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1c" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.1d" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.1f" }, { "status": "affected", "version": "16.10.1g" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.1w" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.1y" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1x" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.1z1" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.1z2" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.1w" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.1x" }, { "status": "affected", "version": "17.3.1z" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.\r\n\r This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-828", "description": "Signal Handler with Functionality that is not Asynchronous-Safe", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T17:02:19.749Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-aux-333WBz8f", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f" } ], "source": { "advisory": "cisco-sa-aux-333WBz8f", "defects": [ "CSCwh47363" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20309", "datePublished": "2024-03-27T17:02:19.749Z", "dateReserved": "2023-11-08T15:08:07.631Z", "dateUpdated": "2024-08-09T18:34:29.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20278
Vulnerability from cvelistv5
Published
2024-03-27 16:59
Modified
2024-08-15 16:45
Severity ?
EPSS score ?
Summary
A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.100Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-iosxe-priv-esc-seAx6NLX", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-seAx6NLX" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1w:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1x:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1z:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1z1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1w:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1x:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1y:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1x1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1y1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1w:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.99sw:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xe", "vendor": "cisco", "versions": [ { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.11.99sw" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20278", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T04:00:40.599661Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T16:45:09.481Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-184", "description": "Incomplete List of Disallowed Inputs", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T16:59:12.963Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxe-priv-esc-seAx6NLX", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-seAx6NLX" } ], "source": { "advisory": "cisco-sa-iosxe-priv-esc-seAx6NLX", "defects": [ "CSCwf91143" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20278", "datePublished": "2024-03-27T16:59:12.963Z", "dateReserved": "2023-11-08T15:08:07.625Z", "dateUpdated": "2024-08-15T16:45:09.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20316
Vulnerability from cvelistv5
Published
2024-03-27 16:49
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).
This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.10a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.99SW:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xe", "vendor": "cisco", "versions": [ { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "16.12.11" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20316", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-29T17:11:12.713334Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T16:25:58.752Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "16.12.11" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).\r\n\r This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-390", "description": "Detection of Error Condition Without Action", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T16:49:03.113Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz" } ], "source": { "advisory": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz", "defects": [ "CSCwf92391", "CSCwe12169" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20316", "datePublished": "2024-03-27T16:49:03.113Z", "dateReserved": "2023-11-08T15:08:07.632Z", "dateUpdated": "2024-08-01T21:59:42.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20306
Vulnerability from cvelistv5
Published
2024-03-27 16:58
Modified
2024-08-16 18:48
Severity ?
EPSS score ?
Summary
A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-iosxe-utd-cmd-JbL8KvHT", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-utd-cmd-JbL8KvHT" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xe", "vendor": "cisco", "versions": [ { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20306", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T04:00:39.411568Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T18:48:47.441Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device. \r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying operating system." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-233", "description": "Improper Handling of Parameters", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T16:58:22.583Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxe-utd-cmd-JbL8KvHT", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-utd-cmd-JbL8KvHT" } ], "source": { "advisory": "cisco-sa-iosxe-utd-cmd-JbL8KvHT", "defects": [ "CSCwh05263" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20306", "datePublished": "2024-03-27T16:58:22.583Z", "dateReserved": "2023-11-08T15:08:07.631Z", "dateUpdated": "2024-08-16T18:48:47.441Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20314
Vulnerability from cvelistv5
Published
2024-03-27 16:57
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.10:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.10a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.11:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.99SW:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xe", "vendor": "cisco", "versions": [ { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "16.12.11" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.12.2" }, { "status": "affected", "version": "17.12.2a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20314", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T17:25:30.623311Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T16:25:13.272Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.1.1" }, { "status": "affected", "version": "16.1.2" }, { "status": "affected", "version": "16.1.3" }, { "status": "affected", "version": "16.2.1" }, { "status": "affected", "version": "16.2.2" }, { "status": "affected", "version": "16.3.1" }, { "status": "affected", "version": "16.3.2" }, { "status": "affected", "version": "16.3.3" }, { "status": "affected", "version": "16.3.1a" }, { "status": "affected", "version": "16.3.4" }, { "status": "affected", "version": "16.3.5" }, { "status": "affected", "version": "16.3.5b" }, { "status": "affected", "version": "16.3.6" }, { "status": "affected", "version": "16.3.7" }, { "status": "affected", "version": "16.3.8" }, { "status": "affected", "version": "16.3.9" }, { "status": "affected", "version": "16.3.10" }, { "status": "affected", "version": "16.3.11" }, { "status": "affected", "version": "16.4.1" }, { "status": "affected", "version": "16.4.2" }, { "status": "affected", "version": "16.4.3" }, { "status": "affected", "version": "16.5.1" }, { "status": "affected", "version": "16.5.1a" }, { "status": "affected", "version": "16.5.1b" }, { "status": "affected", "version": "16.5.2" }, { "status": "affected", "version": "16.5.3" }, { "status": "affected", "version": "16.6.1" }, { "status": "affected", "version": "16.6.2" }, { "status": "affected", "version": "16.6.3" }, { "status": "affected", "version": "16.6.4" }, { "status": "affected", "version": "16.6.5" }, { "status": "affected", "version": "16.6.4a" }, { "status": "affected", "version": "16.6.5a" }, { "status": "affected", "version": "16.6.6" }, { "status": "affected", "version": "16.6.7" }, { "status": "affected", "version": "16.6.8" }, { "status": "affected", "version": "16.6.9" }, { "status": "affected", "version": "16.6.10" }, { "status": "affected", "version": "16.7.1" }, { "status": "affected", "version": "16.7.1a" }, { "status": "affected", "version": "16.7.1b" }, { "status": "affected", "version": "16.7.2" }, { "status": "affected", "version": "16.7.3" }, { "status": "affected", "version": "16.7.4" }, { "status": "affected", "version": "16.8.1" }, { "status": "affected", "version": "16.8.1a" }, { "status": "affected", "version": "16.8.1b" }, { "status": "affected", "version": "16.8.1s" }, { "status": "affected", "version": "16.8.1c" }, { "status": "affected", "version": "16.8.1d" }, { "status": "affected", "version": "16.8.2" }, { "status": "affected", "version": "16.8.1e" }, { "status": "affected", "version": "16.8.3" }, { "status": "affected", "version": "16.9.1" }, { "status": "affected", "version": "16.9.2" }, { "status": "affected", "version": "16.9.1a" }, { "status": "affected", "version": "16.9.1b" }, { "status": "affected", "version": "16.9.1s" }, { "status": "affected", "version": "16.9.3" }, { "status": "affected", "version": "16.9.4" }, { "status": "affected", "version": "16.9.3a" }, { "status": "affected", "version": "16.9.5" }, { "status": "affected", "version": "16.9.5f" }, { "status": "affected", "version": "16.9.6" }, { "status": "affected", "version": "16.9.7" }, { "status": "affected", "version": "16.9.8" }, { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1a" }, { "status": "affected", "version": "16.10.1b" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1c" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.10.1d" }, { "status": "affected", "version": "16.10.2" }, { "status": "affected", "version": "16.10.1f" }, { "status": "affected", "version": "16.10.1g" }, { "status": "affected", "version": "16.10.3" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.11.1s" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.1a" }, { "status": "affected", "version": "16.12.1c" }, { "status": "affected", "version": "16.12.1w" }, { "status": "affected", "version": "16.12.2" }, { "status": "affected", "version": "16.12.1y" }, { "status": "affected", "version": "16.12.2a" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1x" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.3a" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.1z1" }, { "status": "affected", "version": "16.12.5a" }, { "status": "affected", "version": "16.12.5b" }, { "status": "affected", "version": "16.12.1z2" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "16.12.9" }, { "status": "affected", "version": "16.12.10" }, { "status": "affected", "version": "16.12.10a" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1a" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.1w" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.1x" }, { "status": "affected", "version": "17.3.1z" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.12.1" }, { "status": "affected", "version": "17.12.1w" }, { "status": "affected", "version": "17.12.1a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-783", "description": "Operator Precedence Logic Error", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T16:57:27.974Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG" } ], "source": { "advisory": "cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG", "defects": [ "CSCwh41093" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20314", "datePublished": "2024-03-27T16:57:27.974Z", "dateReserved": "2023-11-08T15:08:07.632Z", "dateUpdated": "2024-08-01T21:59:42.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20324
Vulnerability from cvelistv5
Published
2024-03-27 16:55
Modified
2024-08-27 20:50
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.
This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-iosxe-wlc-privesc-RjSMrmPK", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-privesc-RjSMrmPK" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios_xe", "vendor": "cisco", "versions": [ { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.12.1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20324", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T04:00:38.359973Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-27T20:50:51.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "16.10.1" }, { "status": "affected", "version": "16.10.1s" }, { "status": "affected", "version": "16.10.1e" }, { "status": "affected", "version": "16.11.1" }, { "status": "affected", "version": "16.11.1a" }, { "status": "affected", "version": "16.11.1b" }, { "status": "affected", "version": "16.11.2" }, { "status": "affected", "version": "16.12.1" }, { "status": "affected", "version": "16.12.1s" }, { "status": "affected", "version": "16.12.3" }, { "status": "affected", "version": "16.12.8" }, { "status": "affected", "version": "16.12.2s" }, { "status": "affected", "version": "16.12.1t" }, { "status": "affected", "version": "16.12.4" }, { "status": "affected", "version": "16.12.3s" }, { "status": "affected", "version": "16.12.4a" }, { "status": "affected", "version": "16.12.5" }, { "status": "affected", "version": "16.12.6" }, { "status": "affected", "version": "16.12.6a" }, { "status": "affected", "version": "16.12.7" }, { "status": "affected", "version": "17.1.1" }, { "status": "affected", "version": "17.1.1s" }, { "status": "affected", "version": "17.1.1t" }, { "status": "affected", "version": "17.1.3" }, { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.6" }, { "status": "affected", "version": "17.6.6a" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.4" }, { "status": "affected", "version": "17.9.4a" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.12.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, low-privileged, local attacker to access WLAN configuration details including passwords.\r\n\r This vulnerability is due to improper privilege checks. An attacker could exploit this vulnerability by using the show and show tech wireless CLI commands to access configuration details, including passwords. A successful exploit could allow the attacker to access configuration details that they are not authorized to access." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-274", "description": "Improper Handling of Insufficient Privileges", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T16:55:53.837Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxe-wlc-privesc-RjSMrmPK", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-privesc-RjSMrmPK" } ], "source": { "advisory": "cisco-sa-iosxe-wlc-privesc-RjSMrmPK", "defects": [ "CSCwf36190" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20324", "datePublished": "2024-03-27T16:55:53.837Z", "dateReserved": "2023-11-08T15:08:07.640Z", "dateUpdated": "2024-08-27T20:50:51.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20313
Vulnerability from cvelistv5
Published
2024-04-24 20:42
Modified
2024-08-09 18:34
Severity ?
EPSS score ?
Summary
A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:42.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-iosxe-ospf-dos-dR9Sfrxp", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-20313", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-09T18:33:53.340440Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-09T18:34:02.110Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF update to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-24T20:42:10.379Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-iosxe-ospf-dos-dR9Sfrxp", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp" } ], "source": { "advisory": "cisco-sa-iosxe-ospf-dos-dR9Sfrxp", "defects": [ "CSCwf51268" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20313", "datePublished": "2024-04-24T20:42:10.379Z", "dateReserved": "2023-11-08T15:08:07.632Z", "dateUpdated": "2024-08-09T18:34:02.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20303
Vulnerability from cvelistv5
Published
2024-03-27 17:00
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco IOS XE Software |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20303", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-28T18:34:54.816642Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:39:55.892Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-wlc-mdns-dos-4hv6pBGf", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "17.2.1" }, { "status": "affected", "version": "17.2.1r" }, { "status": "affected", "version": "17.2.1a" }, { "status": "affected", "version": "17.2.1v" }, { "status": "affected", "version": "17.2.2" }, { "status": "affected", "version": "17.2.3" }, { "status": "affected", "version": "17.3.1" }, { "status": "affected", "version": "17.3.2" }, { "status": "affected", "version": "17.3.3" }, { "status": "affected", "version": "17.3.1a" }, { "status": "affected", "version": "17.3.1w" }, { "status": "affected", "version": "17.3.2a" }, { "status": "affected", "version": "17.3.1x" }, { "status": "affected", "version": "17.3.1z" }, { "status": "affected", "version": "17.3.4" }, { "status": "affected", "version": "17.3.5" }, { "status": "affected", "version": "17.3.4a" }, { "status": "affected", "version": "17.3.6" }, { "status": "affected", "version": "17.3.4b" }, { "status": "affected", "version": "17.3.4c" }, { "status": "affected", "version": "17.3.5a" }, { "status": "affected", "version": "17.3.5b" }, { "status": "affected", "version": "17.3.7" }, { "status": "affected", "version": "17.3.8" }, { "status": "affected", "version": "17.3.8a" }, { "status": "affected", "version": "17.4.1" }, { "status": "affected", "version": "17.4.2" }, { "status": "affected", "version": "17.4.1a" }, { "status": "affected", "version": "17.4.1b" }, { "status": "affected", "version": "17.4.2a" }, { "status": "affected", "version": "17.5.1" }, { "status": "affected", "version": "17.5.1a" }, { "status": "affected", "version": "17.6.1" }, { "status": "affected", "version": "17.6.2" }, { "status": "affected", "version": "17.6.1w" }, { "status": "affected", "version": "17.6.1a" }, { "status": "affected", "version": "17.6.1x" }, { "status": "affected", "version": "17.6.3" }, { "status": "affected", "version": "17.6.1y" }, { "status": "affected", "version": "17.6.1z" }, { "status": "affected", "version": "17.6.3a" }, { "status": "affected", "version": "17.6.4" }, { "status": "affected", "version": "17.6.1z1" }, { "status": "affected", "version": "17.6.5" }, { "status": "affected", "version": "17.6.5a" }, { "status": "affected", "version": "17.7.1" }, { "status": "affected", "version": "17.7.1a" }, { "status": "affected", "version": "17.7.1b" }, { "status": "affected", "version": "17.7.2" }, { "status": "affected", "version": "17.10.1" }, { "status": "affected", "version": "17.10.1a" }, { "status": "affected", "version": "17.10.1b" }, { "status": "affected", "version": "17.8.1" }, { "status": "affected", "version": "17.8.1a" }, { "status": "affected", "version": "17.9.1" }, { "status": "affected", "version": "17.9.1w" }, { "status": "affected", "version": "17.9.2" }, { "status": "affected", "version": "17.9.1a" }, { "status": "affected", "version": "17.9.1x" }, { "status": "affected", "version": "17.9.1y" }, { "status": "affected", "version": "17.9.3" }, { "status": "affected", "version": "17.9.2a" }, { "status": "affected", "version": "17.9.1x1" }, { "status": "affected", "version": "17.9.3a" }, { "status": "affected", "version": "17.9.1y1" }, { "status": "affected", "version": "17.11.1" }, { "status": "affected", "version": "17.11.1a" }, { "status": "affected", "version": "17.11.99SW" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-459", "description": "Incomplete Cleanup", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T17:00:37.075Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-wlc-mdns-dos-4hv6pBGf", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-mdns-dos-4hv6pBGf" } ], "source": { "advisory": "cisco-sa-wlc-mdns-dos-4hv6pBGf", "defects": [ "CSCwf53124" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20303", "datePublished": "2024-03-27T17:00:37.075Z", "dateReserved": "2023-11-08T15:08:07.630Z", "dateUpdated": "2024-08-01T21:59:41.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.