CVE-2024-20455
CVSS 3.1 Score 8.6 of 10 (high)
Details
Summary
CVE-2024-20455 is a high-severity vulnerability affecting the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode. This flaw allows unauthenticated, remote attackers to trigger a denial of service (DoS) condition by sending specially crafted traffic through an SD-WAN IPsec tunnel, causing the affected device to reload. Notably, SD-WAN tunnels configured with Generic Routing Encapsulation (GRE) are not impacted. To remediate this vulnerability, organizations should apply the latest security updates provided by Cisco. Given its potential for significant availability impact, it poses a serious threat to network stability and operational continuity for affected organizations.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.