CVE-2024-20271

EPSS 0.42%
Published 27.03.2024 17:15:51
Last modified 06.08.2025 13:45:24
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

 This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version < 17.3.8

Cisco ≫ Ios Xe Version >= 17.4 < 17.6.6

Cisco ≫ Ios Xe Version >= 17.7 < 17.9.5

Cisco ≫ Ios Xe Version >= 17.10 < 17.12.2

Cisco ≫ Business Access Points Version < 10.9.1.0

   Cisco ≫ Business 140ac Version-
   Cisco ≫ Business 140ac Access Point Version-
   Cisco ≫ Business 141acm Version-
   Cisco ≫ Business 142acm Version-
   Cisco ≫ Business 143acm Version-
   Cisco ≫ Business 145ac Version-
   Cisco ≫ Business 145ac Access Point Version-
   Cisco ≫ Business 240ac Version-

Cisco ≫ Business Access Points Version < 10.6.2.0

   Cisco ≫ Business 150ax Version-
   Cisco ≫ Business 150ax Access Point Version-
   Cisco ≫ Business 151axm Version-

Cisco ≫ Wireless Lan Controller Software Version < 8.10.190.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.611

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
psirt@cisco.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20271

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20271

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20271

EUVD