OVERVIEW
This month Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. The publication describes several vulnerabilities, rated high to medium severity, that affect IOS and IOS XE Software. Here is a list of the most severe vulnerabilities:
CVE-2024-20307 and CVE-2024-20308 (CVSS 8.6)
These vulnerabilities are found in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software. They could allow an unauthenticated, remote attacker to cause either a heap overflow or underflow on an affected system, potentially leading to a denial of service (DoS) condition. The vulnerabilities stem from improper reassembly of crafted, fragmented IKEv1 packets, and can be exploited by sending malicious UDP packets to the targeted system. Successful exploitation may result in the affected device reloading, particularly if the buffer size is configured for a value greater than 32,767.
CVE-2024-20311 (CVSS 8.6)
This vulnerability is in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software. It could allow an unauthenticated remote attacker to trigger a device reload. This vulnerability arises from mishandling LISP packets. By sending a manipulated LISP packet to a vulnerable device, an attacker could force a reload, leading to a denial of service (DoS) scenario. It's important to note that this vulnerability can be exploited via both IPv4 and IPv6 transport protocols.
CVE-2024-20259 (CVSS 8.6)
This vulnerability, in the DHCP snooping feature of Cisco IOS XE Software, permits an unauthenticated remote attacker to trigger an unexpected reload of a targeted device, leading to a denial of service (DoS) scenario. It stems from mishandling crafted IPv4 DHCP request packets, particularly when endpoint analytics are activated. By sending such a crafted DHCP request through the affected device, an attacker could successfully exploit the vulnerability, causing the device to reload and consequently initiating a DoS condition. Notably, the attack vector is categorized as network, because a DHCP relay anywhere on the network could forward the crafted request from networks beyond the adjacent one.
CVE-2024-20314 (CVSS 8.6)
This vulnerability is in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software, potentially allowing an unauthenticated remote attacker to induce high CPU utilization and halt all traffic processing, thereby causing a denial of service (DoS) situation on the affected device. This vulnerability arises from mishandling certain IPv4 packets. Exploitation of this flaw involves the attacker sending specific IPv4 packets to the targeted device. If successful, the exploit could exhaust the device's CPU resources, resulting in traffic processing being halted and ultimately leading to a DoS condition. Notably, this vulnerability impacts Cisco IOS XE Software when operating on a device functioning as an SD-Access fabric edge node.
Cisco also released advisories and patches for several other vulnerabilities that impact Cisco IOS Software and IOS XE Software. They are as follows:
Avertium recommends patching these vulnerabilities as soon as possible. Find additional information and the complete list of vulnerabilities in Cisco’s bundled publication.
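As an added example (not code from the Avertium post or from Cisco), the following Python triage script scans a saved `show running-config` for the global commands that enable the IKEv1 fragmentation, LISP and DHCP snooping features named above, so an operator can shortlist devices to check against the bundled publication. The sample configuration is constructed, the mapping of commands to advisories is this example's own assumption, and a match means "review against Cisco's advisory and software checker", not "confirmed vulnerable".

```python
import re
from typing import Dict, List

# Constructed sample of a `show running-config` excerpt (not from any real device);
# it deliberately enables the three features that the advisories above cover.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
crypto isakmp fragmentation
!
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
router lisp
 locator-set rloc-set
  IPv4-interface Loopback0 priority 10 weight 10
 exit
!
end
"""

# Assumed mapping: each advisory -> regex for the global command that turns the feature on.
# `crypto isakmp fragmentation`, `router lisp` and `ip dhcp snooping` are standard IOS/IOS XE
# commands; actual exposure still depends on the software release and the extra conditions in
# Cisco's advisories (e.g. the IKEv1 buffer size, endpoint analytics for DHCP snooping).
# CVE-2024-20314 (SD-Access fabric edge role) is not keyed on here, since that role is
# provisioned by the fabric controller rather than by one global command (assumption).
FEATURE_INDICATORS: Dict[str, re.Pattern] = {
    "CVE-2024-20307/CVE-2024-20308 (IKEv1 fragmentation)": re.compile(r"^crypto isakmp fragmentation\b"),
    "CVE-2024-20311 (LISP)": re.compile(r"^router lisp\b"),
    "CVE-2024-20259 (DHCP snooping)": re.compile(r"^ip dhcp snooping\s*$"),
}


def exposed_features(running_config: str) -> Dict[str, List[str]]:
    """Return advisory -> matching global config lines for every feature that is enabled."""
    hits: Dict[str, List[str]] = {}
    for line in running_config.splitlines():
        if line.startswith((" ", "!")):
            continue  # only non-indented (global) commands identify the feature
        for advisory, pattern in FEATURE_INDICATORS.items():
            if pattern.match(line):
                hits.setdefault(advisory, []).append(line.strip())
    return hits


if __name__ == "__main__":
    for advisory, lines in exposed_features(SAMPLE_CONFIG).items():
        print(f"{advisory}: review required, enabled by {lines}")
```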
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION