CVE-2024-20434

Summary

CVE-2024-20434 is a vulnerability affecting Cisco IOS XE Software, which allows an unauthenticated adjacent attacker to trigger a denial of service (DoS) condition on the control plane of the device. This issue stems from improper handling of frames with VLAN tag information, enabling attackers to send crafted frames that can render the control plane unresponsive, leading to loss of access through console, CLI, and standard network protocols. Although data traffic passing through the device is unaffected, restoring service requires reloading the device. Organizations using affected Cisco products should apply relevant patches or updates as recommended by Cisco's security advisory to mitigate this vulnerability. The base severity rating for this vulnerability is categorized as medium, with an exploitability score of 2.8 on a scale where lower scores indicate higher risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.