TROYANOSYVIRUS
Back to CVEs

CVE-2024-20259

HIGH
8.6

Description

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a crafted IPv4 DHCP request packet being mishandled when endpoint analytics are enabled. An attacker could exploit this vulnerability by sending a crafted DHCP request through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: The attack vector is listed as network because a DHCP relay anywhere on the network could allow exploits from networks other than the adjacent one.

CVE Details

CVSS v3.1 Score8.6
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/27/2024
Last Modified4/30/2025
Sourcenvd
Honeypot Sightings0

Affected Products

cisco:catalyst_9100cisco:catalyst_9105cisco:catalyst_9105axcisco:catalyst_9105axicisco:catalyst_9105axwcisco:catalyst_9105icisco:catalyst_9105wcisco:catalyst_9115cisco:catalyst_9115_apcisco:catalyst_9115axcisco:catalyst_9115axecisco:catalyst_9115axicisco:catalyst_9117cisco:catalyst_9117_apcisco:catalyst_9117axcisco:catalyst_9117axicisco:catalyst_9120cisco:catalyst_9120_apcisco:catalyst_9120axcisco:catalyst_9120axecisco:catalyst_9120axicisco:catalyst_9120axpcisco:catalyst_9124cisco:catalyst_9124axcisco:catalyst_9124axdcisco:catalyst_9124axicisco:catalyst_9124dcisco:catalyst_9124ecisco:catalyst_9124icisco:catalyst_9130cisco:catalyst_9130_apcisco:catalyst_9130axcisco:catalyst_9130axecisco:catalyst_9130axicisco:catalyst_9136cisco:catalyst_9162cisco:catalyst_9164cisco:catalyst_9166cisco:catalyst_9166d1cisco:catalyst_9200cisco:catalyst_9200cxcisco:catalyst_9200lcisco:catalyst_9300cisco:catalyst_9300-24p-acisco:catalyst_9300-24p-ecisco:catalyst_9300-24s-acisco:catalyst_9300-24s-ecisco:catalyst_9300-24t-acisco:catalyst_9300-24t-ecisco:catalyst_9300-24u-acisco:catalyst_9300-24u-ecisco:catalyst_9300-24ux-acisco:catalyst_9300-24ux-ecisco:catalyst_9300-48p-acisco:catalyst_9300-48p-ecisco:catalyst_9300-48s-acisco:catalyst_9300-48s-ecisco:catalyst_9300-48t-acisco:catalyst_9300-48t-ecisco:catalyst_9300-48u-acisco:catalyst_9300-48u-ecisco:catalyst_9300-48un-acisco:catalyst_9300-48un-ecisco:catalyst_9300-48uxm-acisco:catalyst_9300-48uxm-ecisco:catalyst_9300lcisco:catalyst_9300l-24p-4g-acisco:catalyst_9300l-24p-4g-ecisco:catalyst_9300l-24p-4x-acisco:catalyst_9300l-24p-4x-ecisco:catalyst_9300l-24t-4g-acisco:catalyst_9300l-24t-4g-ecisco:catalyst_9300l-24t-4x-acisco:catalyst_9300l-24t-4x-ecisco:catalyst_9300l-48p-4g-acisco:catalyst_9300l-48p-4g-ecisco:catalyst_9300l-48p-4x-acisco:catalyst_9300l-48p-4x-ecisco:catalyst_9300l-48t-4g-acisco:catalyst_9300l-48t-4g-ecisco:catalyst_9300l-48t-4x-acisco:catalyst_9300l-48t-4x-ecisco:catalyst_9300l_stackcisco:catalyst_9300lmcisco:catalyst_9300xcisco:catalyst_9400cisco:catalyst_9407rcisco:catalyst_9600xcisco:catalyst_9800cisco:catalyst_9800-40cisco:catalyst_9800-80cisco:catalyst_9800-clcisco:catalyst_9800-lcisco:catalyst_9800-l-ccisco:catalyst_9800-l-fcisco:dn-apl-tta-mcisco:dn-apl-tta-m-rfcisco:ios_xe

Weaknesses (CWE)

CWE-122CWE-787

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z(psirt@cisco.com)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dhcp-dos-T3CXPO9z(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.