CVE-2024-20259
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
27/03/2024
Last modified:
30/04/2025
Description
A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.<br />
<br />
This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.<br />
<br />
Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.3.1w:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page