CVE-2024-20496

EPSS 0.05%
Published 25.09.2024 17:15:18
Last modified 26.09.2024 13:32:02
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.

This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorCisco

≫

Product Cisco SD-WAN vEdge Cloud

Default Statusunknown

Version 19.2.1

Status affected

Version 20.1.12

Status affected

Version 18.4.4

Status affected

Version 19.3.0

Status affected

Version 18.3.8

Status affected

Version 19.2.2

Status affected

Version 20.1.1

Status affected

Version 18.3.6

Status affected

Version 18.4.3

Status affected

Version 18.4.302

Status affected

Version 18.4.5

Status affected

Version 18.4.303

Status affected

Version 19.2.098

Status affected

Version 19.1.0

Status affected

Version 19.0.1a

Status affected

Version 19.2.099

Status affected

Version 18.3.7

Status affected

Version 19.2.097

Status affected

Version 18.3.1

Status affected

Version 19.2.0

Status affected

Version 18.3.4

Status affected

Version 18.2.0

Status affected

Version 18.4.1

Status affected

Version 18.4.0

Status affected

Version 18.3.5

Status affected

Version 18.3.3

Status affected

Version 18.3.0

Status affected

Version 19.2.3

Status affected

Version 20.3.1

Status affected

Version 20.1.2

Status affected

Version 19.2.929

Status affected

Version 19.2.31

Status affected

Version 20.3.2

Status affected

Version 19.2.32

Status affected

Version 18.4.6

Status affected

Version 20.4.1

Status affected

Version 19.2.4

Status affected

Version 20.4.1.1

Status affected

Version 20.3.3

Status affected

Version 20.5.1

Status affected

Version 20.1.3

Status affected

Version 20.4.1.2

Status affected

Version 20.4.2

Status affected

Version 20.3.4

Status affected

Version 20.6.1

Status affected

Version 20.6.2

Status affected

Version 20.7.1

Status affected

Version 20.3.5

Status affected

Version 20.6.3

Status affected

Version 20.8.1

Status affected

Version 20.7.2

Status affected

Version 20.6.4

Status affected

Version 20.9.1

Status affected

Version 20.3.6

Status affected

Version 20.9.1.1

Status affected

Version 20.9.2

Status affected

Version 20.6.5

Status affected

Version 20.3.7

Status affected

Version 20.9.3

Status affected

Version 20.4.2.3

Status affected

Version 20.3.4.3

Status affected

Version 20.6.4.1

Status affected

Version 20.6.3.2

Status affected

Version 20.3.5.1

Status affected

Version 20.9.3.1

Status affected

Version 20.6.5.2

Status affected

Version 20.3.7.1

Status affected

Version 20.3.3.2

Status affected

Version 20.6.1.2

Status affected

Version 20.1.3.1

Status affected

Version 20.9.2.2

Status affected

Version 20.6.5.3

Status affected

Version 20.6.3.3

Status affected

Version 20.3.7.2

Status affected

Version 20.6.5.4

Status affected

Version 20.9.2.3

Status affected

Version 20.3.8

Status affected

VendorCisco

≫

Product Cisco SD-WAN vEdge router

Default Statusunknown

Version 18.4.303

Status affected

Version 18.3.7

Status affected

Version 19.3.0

Status affected

Version 18.2.0

Status affected

Version 20.1.12

Status affected

Version 19.2.099

Status affected

Version 18.3.3

Status affected

Version 18.3.6

Status affected

Version 19.0.0

Status affected

Version 18.4.0

Status affected

Version 19.1.01

Status affected

Version 19.2.098

Status affected

Version 18.3.1

Status affected

Version 18.4.302

Status affected

Version 19.2.2

Status affected

Version 18.3.5

Status affected

Version 19.1.0

Status affected

Version 20.1.11

Status affected

Version 19.2.097

Status affected

Version 18.4.5

Status affected

Version 18.3.8

Status affected

Version 18.3.0

Status affected

Version 18.4.3

Status affected

Version 18.4.4

Status affected

Version 19.2.1

Status affected

Version 18.3.4

Status affected

Version 19.0.1a

Status affected

Version 20.1.1

Status affected

Version 18.4.1

Status affected

Version 19.2.0

Status affected

Version 19.2.3

Status affected

Version 20.3.1

Status affected

Version 20.1.2

Status affected

Version 19.2.929

Status affected

Version 19.2.31

Status affected

Version 20.3.2

Status affected

Version 19.2.32

Status affected

Version 18.4.6

Status affected

Version 20.4.1

Status affected

Version 19.2.4

Status affected

Version 20.4.1.1

Status affected

Version 20.3.3

Status affected

Version 20.5.1

Status affected

Version 20.1.3

Status affected

Version 20.4.1.2

Status affected

Version 20.4.2

Status affected

Version 20.3.4

Status affected

Version 20.6.1

Status affected

Version 20.6.2

Status affected

Version 20.7.1

Status affected

Version 20.7.1.2

Status affected

Version 20.3.5

Status affected

Version 20.9.1

Status affected

Version 20.6.3

Status affected

Version 20.8.1

Status affected

Version 20.7.2

Status affected

Version 20.6.4

Status affected

Version 20.3.6

Status affected

Version 20.9.2

Status affected

Version 20.6.5

Status affected

Version 20.3.7

Status affected

Version 20.9.3

Status affected

Version 20.6.5.1

Status affected

Version 20.3.3.2

Status affected

Version 20.6.4.1

Status affected

Version 20.6.3.2

Status affected

Version 20.3.4.3

Status affected

Version 20.6.5.2

Status affected

Version 20.9.3.1

Status affected

Version 20.3.7.1

Status affected

Version 20.3.5.1

Status affected

Version 20.4.2.3

Status affected

Version 20.6.1.2

Status affected

Version 20.9.2.2

Status affected

Version 20.1.3.1

Status affected

Version 20.6.5.3

Status affected

Version 20.6.3.3

Status affected

Version 20.3.7.2

Status affected

Version 20.6.5.4

Status affected

Version 20.9.2.3

Status affected

Version 20.3.8

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@cisco.com	6.1	1.6	4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-vedos-KqFfhps3

https://nvd.nist.gov/vuln/detail/CVE-2024-20496

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20496

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20496

EUVD