Cisco Fixes Multiple Vulnerabilities in IOS and IOS XE Software, Potentially Triggering Denial-of-Service (DoS) Attacks


Cisco has issued patches to rectify several vulnerabilities present in its IOS and IOS XE software, which could potentially be exploited by unauthenticated attackers to trigger denial-of-service (DoS) conditions.

Among the most severe issues addressed by the company are:

  • CVE-2024-20311 (CVSS score 8.6): This vulnerability lies in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software. An unauthenticated remote attacker can exploit this flaw to cause a device to reload.

  • CVE-2024-20314 (CVSS score 8.6): Found in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software, this vulnerability enables unauthenticated remote attackers to induce high CPU utilization and halt all traffic processing, resulting in a denial-of-service (DoS) condition.

  • CVE-2024-20307 and CVE-2024-20308 (CVSS score 8.6): Multiple vulnerabilities were identified in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software. These vulnerabilities could allow unauthenticated remote attackers to instigate heap overflow or corruption on affected systems.

  • CVE-2024-20259 (CVSS score 8.6): This vulnerability pertains to the DHCP snooping feature of Cisco IOS XE Software, where an unauthenticated remote attacker can cause an affected device to unexpectedly reload, leading to a denial-of-service (DoS) condition.

  • CVE-2024-20303 (CVSS score 7.4): Found in the multicast DNS (mDNS) gateway feature of IOS XE Software for Wireless LAN Controllers (WLCs), this vulnerability can be triggered by an unauthenticated adjacent attacker to cause a denial-of-service (DoS) condition.

Additionally, Cisco has addressed other high and medium-severity vulnerabilities in Access Point Software, Catalyst Center, and Aironet Access Point Software.