Cisco IOS XE up to 17.14.1 on Catalyst 9000 integer overflow

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Cisco IOS XE on Catalyst 9000. This impacts an unknown function. The manipulation results in integer overflow. This vulnerability is identified as CVE-2024-20434. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in Cisco IOS XE on Catalyst 9000. Affected is an unknown functionality. The manipulation with an unknown input leads to a integer overflow vulnerability. CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. This is going to have an impact on availability. CVE summarizes:
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.
The advisory is shared for download at sec.cloudapps.cisco.com. This vulnerability is traded as CVE-2024-20434 since 11/08/2023. The exploitability is told to be easy. The attack can only be done within the local network. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 09/29/2024).
The vulnerability scanner Nessus provides a plugin with the ID 207741 (Cisco IOS XE Software Catalyst 9000 Series Switches DoS (cisco-sa-vlan-dos-27Pur5RT)), which helps to determine the existence of the flaw in a target environment.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (207741). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
- 16.6.1
- 16.6.2
- 16.6.3
- 16.6.4
- 16.6.4a
- 16.6.5
- 16.6.6
- 16.6.7
- 16.6.8
- 16.6.9
- 16.6.10
- 16.7.1
- 16.8.1
- 16.8.1a
- 16.8.1s
- 16.9.1
- 16.9.1s
- 16.9.2
- 16.9.3
- 16.9.4
- 16.9.5
- 16.9.6
- 16.9.7
- 16.9.8
- 16.10.1
- 16.10.1e
- 16.10.1s
- 16.11.1
- 16.11.1b
- 16.11.1s
- 16.12.1
- 16.12.1c
- 16.12.1s
- 16.12.2
- 16.12.2s
- 16.12.3
- 16.12.3a
- 16.12.3s
- 16.12.4
- 16.12.4a
- 16.12.5
- 16.12.5b
- 16.12.6
- 16.12.6a
- 16.12.7
- 16.12.8
- 17.1.1
- 17.1.1s
- 17.1.1t
- 17.1.3
- 17.2.1
- 17.2.1a
- 17.3.1
- 17.3.2
- 17.3.2a
- 17.3.3
- 17.3.4
- 17.3.4b
- 17.3.5
- 17.3.6
- 17.3.7
- 17.3.8
- 17.3.8a
- 17.4.1
- 17.5.1
- 17.6.1
- 17.6.2
- 17.6.3
- 17.6.4
- 17.6.5
- 17.6.5a
- 17.6.6
- 17.6.6a
- 17.6.7
- 17.7.1
- 17.8.1
- 17.9.1
- 17.9.2
- 17.9.3
- 17.9.4
- 17.9.4a
- 17.9.5
- 17.10.1
- 17.10.1b
- 17.11.1
- 17.11.99SW
- 17.12.1
- 17.12.2
- 17.12.3
- 17.13.1
- 17.14.1
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.2
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 4.3
CNA Vector (cisco): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Integer overflowCWE: CWE-190 / CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 207741
Nessus Name: Cisco IOS XE Software Catalyst 9000 Series Switches DoS (cisco-sa-vlan-dos-27Pur5RT)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/08/2023 🔍09/25/2024 🔍
09/25/2024 🔍
09/29/2024 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-vlan-dos-27Pur5RT
Status: Confirmed
CVE: CVE-2024-20434 (🔍)
GCVE (CVE): GCVE-0-2024-20434
GCVE (VulDB): GCVE-100-278496
scip Labs: https://www.scip.ch/en/?labs.20150108
Entry
Created: 09/25/2024 18:55Updated: 09/29/2024 23:24
Changes: 09/25/2024 18:55 (64), 09/29/2024 23:24 (2)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.