CVE-2024-20436

Summary

CVE-2024-20436 is a vulnerability affecting the HTTP Server feature of Cisco IOS XE Software with the Telephony Service enabled, which can be exploited by unauthenticated remote attackers to trigger a denial of service (DoS) condition. This issue arises from a null pointer dereference when the system processes specific URLs, allowing an attacker to send crafted HTTP traffic that may cause the affected device to reload. Organizations utilizing vulnerable Cisco products are at risk of significant downtime and service disruption if this vulnerability is exploited. To remediate this issue, it is advised to apply security updates or patches provided by Cisco. The vulnerability has a high severity rating, with a CVSS base score of 8.6, indicating that successful exploitation can severely impact device availability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.