CVE-2024-20259

Published: Mar 27, 2024Modified: Apr 30, 2025

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.

Affected (80)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

80 vulnerable · 97 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 17.1.1
Cisco Ios Xe	Version 17.1.1a
Cisco Ios Xe	Version 17.1.1s
Cisco Ios Xe	Version 17.1.1t
Cisco Ios Xe	Version 17.1.3
Cisco Ios Xe	Version 17.10.1
Cisco Ios Xe	Version 17.10.1a
Cisco Ios Xe	Version 17.10.1b
Cisco Ios Xe	Version 17.11.1
Cisco Ios Xe	Version 17.11.1a
Cisco Ios Xe	Version 17.11.99sw
Cisco Ios Xe	Version 17.12.1
Cisco Ios Xe	Version 17.12.1a
Cisco Ios Xe	Version 17.12.1w
Cisco Ios Xe	Version 17.2.1
Cisco Ios Xe	Version 17.2.1a
Cisco Ios Xe	Version 17.2.1r
Cisco Ios Xe	Version 17.2.1v
Cisco Ios Xe	Version 17.2.2
Cisco Ios Xe	Version 17.2.3
Cisco Ios Xe	Version 17.3.1
Cisco Ios Xe	Version 17.3.1a
Cisco Ios Xe	Version 17.3.1w
Cisco Ios Xe	Version 17.3.1x
Cisco Ios Xe	Version 17.3.1z
Cisco Ios Xe	Version 17.3.2
Cisco Ios Xe	Version 17.3.2a
Cisco Ios Xe	Version 17.3.3
Cisco Ios Xe	Version 17.3.4
Cisco Ios Xe	Version 17.3.4a
Cisco Ios Xe	Version 17.3.4b
Cisco Ios Xe	Version 17.3.4c
Cisco Ios Xe	Version 17.3.5
Cisco Ios Xe	Version 17.3.5a
Cisco Ios Xe	Version 17.3.5b
Cisco Ios Xe	Version 17.3.6
Cisco Ios Xe	Version 17.3.7
Cisco Ios Xe	Version 17.3.8
Cisco Ios Xe	Version 17.3.8a
Cisco Ios Xe	Version 17.4.1
Cisco Ios Xe	Version 17.4.1a
Cisco Ios Xe	Version 17.4.1b
Cisco Ios Xe	Version 17.4.2
Cisco Ios Xe	Version 17.4.2a
Cisco Ios Xe	Version 17.5.1
Cisco Ios Xe	Version 17.5.1a
Cisco Ios Xe	Version 17.6.1
Cisco Ios Xe	Version 17.6.1a
Cisco Ios Xe	Version 17.6.1w
Cisco Ios Xe	Version 17.6.1x
Cisco Ios Xe	Version 17.6.1y
Cisco Ios Xe	Version 17.6.1z1
Cisco Ios Xe	Version 17.6.1z
Cisco Ios Xe	Version 17.6.2
Cisco Ios Xe	Version 17.6.3
Cisco Ios Xe	Version 17.6.3a
Cisco Ios Xe	Version 17.6.4
Cisco Ios Xe	Version 17.6.5
Cisco Ios Xe	Version 17.6.5a
Cisco Ios Xe	Version 17.6.6
Cisco Ios Xe	Version 17.6.6a
Cisco Ios Xe	Version 17.7.1
Cisco Ios Xe	Version 17.7.1a
Cisco Ios Xe	Version 17.7.1b
Cisco Ios Xe	Version 17.7.2
Cisco Ios Xe	Version 17.8.1
Cisco Ios Xe	Version 17.8.1a
Cisco Ios Xe	Version 17.9.1
Cisco Ios Xe	Version 17.9.1a
Cisco Ios Xe	Version 17.9.1w
Cisco Ios Xe	Version 17.9.1x1
Cisco Ios Xe	Version 17.9.1x
Cisco Ios Xe	Version 17.9.1y1
Cisco Ios Xe	Version 17.9.1y
Cisco Ios Xe	Version 17.9.2
Cisco Ios Xe	Version 17.9.2a
Cisco Ios Xe	Version 17.9.3
Cisco Ios Xe	Version 17.9.3a
Cisco Ios Xe	Version 17.9.4
Cisco Ios Xe	Version 17.9.4a

Running on/with	Platform Versions
Cisco Catalyst 9100	All versions
Cisco Catalyst 9105	All versions
Cisco Catalyst 9105ax	All versions
Cisco Catalyst 9105axi	All versions
Cisco Catalyst 9105axw	All versions
Cisco Catalyst 9105i	All versions
Cisco Catalyst 9105w	All versions
Cisco Catalyst 9115	All versions
Cisco Catalyst 9115 Ap	All versions
Cisco Catalyst 9115ax	All versions
Cisco Catalyst 9115axe	All versions
Cisco Catalyst 9115axi	All versions
Cisco Catalyst 9117	All versions
Cisco Catalyst 9117 Ap	All versions
Cisco Catalyst 9117ax	All versions
Cisco Catalyst 9117axi	All versions
Cisco Catalyst 9120	All versions
Cisco Catalyst 9120 Ap	All versions
Cisco Catalyst 9120ax	All versions
Cisco Catalyst 9120axe	All versions
Cisco Catalyst 9120axi	All versions
Cisco Catalyst 9120axp	All versions
Cisco Catalyst 9124	All versions
Cisco Catalyst 9124ax	All versions
Cisco Catalyst 9124axd	All versions
Cisco Catalyst 9124axi	All versions
Cisco Catalyst 9124d	All versions
Cisco Catalyst 9124e	All versions
Cisco Catalyst 9124i	All versions
Cisco Catalyst 9130	All versions
Cisco Catalyst 9130 Ap	All versions
Cisco Catalyst 9130ax	All versions
Cisco Catalyst 9130axe	All versions
Cisco Catalyst 9130axi	All versions
Cisco Catalyst 9136	All versions
Cisco Catalyst 9162	All versions
Cisco Catalyst 9164	All versions
Cisco Catalyst 9166	All versions
Cisco Catalyst 9166d1	All versions
Cisco Catalyst 9200	All versions
Cisco Catalyst 9200cx	All versions
Cisco Catalyst 9200l	All versions
Cisco Catalyst 9300	All versions
Cisco Catalyst 9300 24p A	All versions
Cisco Catalyst 9300 24p E	All versions
Cisco Catalyst 9300 24s A	All versions
Cisco Catalyst 9300 24s E	All versions
Cisco Catalyst 9300 24t A	All versions
Cisco Catalyst 9300 24t E	All versions
Cisco Catalyst 9300 24u A	All versions
Cisco Catalyst 9300 24u E	All versions
Cisco Catalyst 9300 24ux A	All versions
Cisco Catalyst 9300 24ux E	All versions
Cisco Catalyst 9300 48p A	All versions
Cisco Catalyst 9300 48p E	All versions
Cisco Catalyst 9300 48s A	All versions
Cisco Catalyst 9300 48s E	All versions
Cisco Catalyst 9300 48t A	All versions
Cisco Catalyst 9300 48t E	All versions
Cisco Catalyst 9300 48u A	All versions
Cisco Catalyst 9300 48u E	All versions
Cisco Catalyst 9300 48un A	All versions
Cisco Catalyst 9300 48un E	All versions
Cisco Catalyst 9300 48uxm A	All versions
Cisco Catalyst 9300 48uxm E	All versions
Cisco Catalyst 9300l	All versions
Cisco Catalyst 9300l 24p 4g A	All versions
Cisco Catalyst 9300l 24p 4g E	All versions
Cisco Catalyst 9300l 24p 4x A	All versions
Cisco Catalyst 9300l 24p 4x E	All versions
Cisco Catalyst 9300l 24t 4g A	All versions
Cisco Catalyst 9300l 24t 4g E	All versions
Cisco Catalyst 9300l 24t 4x A	All versions
Cisco Catalyst 9300l 24t 4x E	All versions
Cisco Catalyst 9300l 48p 4g A	All versions
Cisco Catalyst 9300l 48p 4g E	All versions
Cisco Catalyst 9300l 48p 4x A	All versions
Cisco Catalyst 9300l 48p 4x E	All versions
Cisco Catalyst 9300l 48t 4g A	All versions
Cisco Catalyst 9300l 48t 4g E	All versions
Cisco Catalyst 9300l 48t 4x A	All versions
Cisco Catalyst 9300l 48t 4x E	All versions
Cisco Catalyst 9300l Stack	All versions
Cisco Catalyst 9300lm	All versions
Cisco Catalyst 9300x	All versions
Cisco Catalyst 9400	All versions
Cisco Catalyst 9407r	All versions
Cisco Catalyst 9600x	All versions
Cisco Catalyst 9800	All versions
Cisco Catalyst 9800 40	All versions
Cisco Catalyst 9800 80	All versions
Cisco Catalyst 9800 Cl	All versions
Cisco Catalyst 9800 L	All versions
Cisco Catalyst 9800 L C	All versions
Cisco Catalyst 9800 L F	All versions
Cisco Dn Apl Tta M	All versions
Cisco Dn Apl Tta M Rf	All versions

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.