CVE-2024-20271

CVE Database · CVE-2024-20271

CVE-2024-20271

· HIGHAnalyzed

CVSS v3.1

8.6

EPSS

0.63%

Published

Mar 27, 2024

Modified

Aug 6, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20

Affected Products (18)

cisco · ios_xe (up to 17.3.8)vulnerable

cisco · ios_xe (up to 17.6.6)vulnerable

cisco · ios_xe (up to 17.9.5)vulnerable

cisco · ios_xe (up to 17.12.2)vulnerable

cisco · business_access_points (up to 10.9.1.0)vulnerable

cisco · business_140ac

cisco · business_140ac_access_point

cisco · business_141acm

cisco · business_142acm

cisco · business_143acm

· business_145ac

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-h9TGGX6W

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs