Cisco has launched updates addressing a number of excessive severity vulnerabilities (CVE-2024-20311, CVE-2024-20314, CVE-2024-20307, CVE-2024-20308, CVE-2024-20259, CVE-2024-20303) affecting their IOS and IOS XE Software program.
The vulnerabilities are:
- CVE-2024-20311: Profitable exploitation of this vulnerability might enable an attacker to ship a crafted Locator ID Separation Protocol (LISP) packet to conduct denial-of-service (DoS) assault by inflicting the affected system to reload
- CVE-2024-20314: Profitable exploitation of this vulnerability might enable an attacker to ship sure IPv4 packets to conduct DoS assault by inflicting excessive CPU utilisation and cease processing visitors
- CVE-2024-20307 & CVE-2024-20308: Profitable exploitation of those vulnerabilities might enable an unauthenticated attacker to conduct DoS assault by underflowing and overflowing the heap respectively
- CVE-2024-20259: Profitable exploitation of this vulnerability might enable an attacker to ship a crafted DHCP request to conduct DoS assault by inflicting the affected system to reload
- CVE-2024-20303: Profitable exploitation of this vulnerability might enable an unauthenticated attacker to transmit specifically crafted packets constantly to overwhelm the CPU, inflicting DoS assault because of the lack of connection by entry factors (APs)
The vulnerabilities have an effect on the next merchandise:
- CVE-2024-20311: Cisco IOS or IOS XE Software program enabled with LISP characteristic and configured with ingress/egress tunnel router, map server, and/or map resolver
- CVE-2024-20314: Cisco IOS XE Software program configured as SD-Entry material edge nodes
- CVE-2024-20307 & CVE-2024-20308: Cisco IOS or IOS XE Software program enabled with Web Key Alternate model 1 (IKEv1) fragmentation and configured with IKEv1-based VPN
- CVE-2024-20259:
- Catalyst 9000 Collection Switches
- DNA Site visitors Telemetry Equipment
- CVE-2024-20303:
- Catalyst 9800-CL Wi-fi Controllers for Cloud
- Catalyst 9800 Embedded Wi-fi Controller for Catalyst 9300, 9400, and 9500 Collection Switches
- Catalyst 9800 Collection Wi-fi Controllers
- Embedded Wi-fi Controller on Catalyst APs
Customers and directors of the affected merchandise are suggested to replace to the most recent variations instantly.
Extra data is offered right here: