Cisco has discovered high-severity vulnerabilities in IOS and IOS XE software.

Cisco released patches this week to address several vulnerabilities in IOS and IOS XE software. An unauthenticated attacker can exploit several of the vulnerabilities the IT giant addressed to cause a denial of service (DoS) condition.
The most serious vulnerabilities:
- CVE-2024-20311 (CVSS: 8.6) - A vulnerability in the Locator ID Separation Protocol (LISP) for Cisco's IOS and IOS XE software. An unauthenticated remote attacker can use this bug to cause the device to reboot.
- CVE-2024-20314 (CVSS: 8.6) - A vulnerability in the SD-Access (Software-Defined Access) edge node feature of Cisco's IOS XE software. An unauthenticated remote attacker can cause high CPU utilization and stop the processing of all traffic, resulting in a denial of service (DoS) condition on the vulnerable device.
- CVE-2024-20307, CVE-2024-20308 (CVSS: 8.6) - Several vulnerabilities in the IKEv1 (Internet Key Exchange version 1) fragmentation feature for Cisco's IOS and IOS XE software. They could allow an unauthenticated remote attacker to cause a heap overflow or corruption on a vulnerable system.
- CVE-2024-20259 (CVSS: 8.6) - A vulnerability in the DHCP snooping feature of Cisco's IOS XE software. An unauthenticated remote attacker can cause an unexpected reboot of a vulnerable device, resulting in a denial of service (DoS) condition.
- CVE-2024-20303 (CVSS: 7.4) - A vulnerability in the multicast DNS (mDNS) gateway function of IOS XE software for Wireless Local Area Network Controllers (WLCs). An unauthenticated attacker on an adjacent network could cause a denial of service (DoS) condition by exploiting this bug.
The company is also addressing other vulnerabilities with high and medium severity levels in the Access Point, Catalyst Center, and Aironet Access Point software.