CVE-2024-20464

EPSS 0.47%
Published 25.09.2024 17:15:17
Last modified 24.10.2024 19:47:29
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

 This vulnerability is due to insufficient validation of received IPv4 PIMv2 packets. An attacker could exploit this vulnerability by sending a crafted PIMv2 packet to a PIM-enabled interface on an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition.

 Note: This vulnerability can be exploited with either an IPv4 multicast or unicast packet.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version17.13.1

Cisco ≫ Ios Xe Version17.13.1a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.637

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
psirt@cisco.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-20464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20464

EUVD