CVE-2024-20266

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Mar 13, 2024

CWE ID 476

Summary

CVE-2024-20266 is a vulnerability affecting the DHCPv4 server feature in Cisco IOS XR Software. An unauthenticated, remote attacker can exploit this issue by sending a malformed DHCPv4 message, causing the dhcpd process to crash, leading to a denial of service (DoS) condition. The process restarts automatically, but DHCPv4 services are unavailable for approximately two minutes, potentially preventing network access to newly joining clients. Only the dhcpd process is affected, with the router itself not reloading. This vulnerability is specific to DHCPv4 and does not impact DHCPv6.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/u3x-RP
https://www.cve.org/CVERecord?id=CVE-2024-20266
https://nvd.nist.gov/vuln/detail/CVE-2024-20266

Back to Vulnerability Database

CVE-2024-20266

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations