Vulnerability Description
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | < 17.3.8 |
| Cisco | Business Access Points | < 10.9.1.0 |
| Cisco | Business 140Ac | - |
| Cisco | Business 140Ac Access Point | - |
| Cisco | Business 141Acm | - |
| Cisco | Business 142Acm | - |
| Cisco | Business 143Acm | - |
| Cisco | Business 145Ac | - |
| Cisco | Business 145Ac Access Point | - |
| Cisco | Business 240Ac | - |
| Cisco | Business 150Ax | - |
| Cisco | Business 150Ax Access Point | - |
| Cisco | Business 151Axm | - |
| Cisco | Wireless Lan Controller Software | < 8.10.190.0 |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
FAQ
What is CVE-2024-20271?
CVE-2024-20271 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. T...
How severe is CVE-2024-20271?
CVE-2024-20271 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-20271?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Business Access Points, Cisco Business 140Ac, Cisco Business 140Ac Access Point, Cisco Business 141Acm.