CVE-2024-20434

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue is related to improper handling of frames with VLAN tag information, which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. An attacker could exploit this by sending crafted frames to an affected device, rendering the control plane unresponsive. The device would not be accessible through the console or CLI and would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.