CVE-2024-20446

Summary

A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco NX-OS Software10.2(1)affected
CiscoCisco NX-OS Software10.2(1q)affected
CiscoCisco NX-OS Software9.3(9)affected
CiscoCisco NX-OS Software8.2(11)affected

Weaknesses

  • CWE-476: NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References