8.6
CVE-2024-20446
- EPSS 0.41%
- Veröffentlicht 28.08.2024 17:15:09
- Zuletzt bearbeitet 29.08.2024 13:25:27
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellercisco
≫
Produkt
nx-os
Default Statusunknown
Version
10.2\(1\)
Status
affected
Herstellercisco
≫
Produkt
nx-os
Default Statusunknown
Version
10.2\(1q\)
Status
affected
Herstellercisco
≫
Produkt
nx-os
Default Statusunknown
Version
9.3\(9\)
Status
affected
Herstellercisco
≫
Produkt
nx-os
Default Statusunknown
Version
8.2\(11\)
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.602 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.