CVE-2024-20276
Description
An unauthenticated, adjacent attacker can cause a Cisco Catalyst 6000 Series Switch running IOS to reload due to improper handling of process-switched traffic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches, identified as CVE-2024-20276, allows an unauthenticated, adjacent attacker to cause an unexpected reload of the affected device. This vulnerability exists due to improper handling of process-switched traffic. Affected versions include specific releases of Cisco IOS Software for the Catalyst 6000 Series Switches as detailed in the Cisco Security Advisory [1]. The vulnerability is triggered when the device processes crafted traffic that bypasses normal hardware forwarding and is handled by the CPU [1].
Exploitation
An attacker must be on the same Layer 2 network segment as the target device, i.e., adjacent access is required. No authentication is needed [1]. The attacker sends specially crafted traffic to the affected switch. The traffic must be process-switched, meaning it is not fast-switched or hardware-switched by the device's ASICs [1]. A successful attack triggers a device reload without requiring any user interaction or race condition [1].
Impact
A successful exploit causes the targeted Cisco Catalyst 6000 Series Switch to reload, resulting in a denial of service (DoS) condition [1]. This disrupts network operations until the device completes its boot process and resumes normal operation. No other impact on confidentiality or integrity has been identified [1].
Mitigation
Cisco has released free software updates to address this vulnerability. Customers should upgrade to a fixed version of Cisco IOS Software as indicated in the security advisory [1]. There are no workarounds available [1]. The vulnerability is not listed in the Known Exploited Vulnerabilities (KEV) catalog as of the advisory publication date.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: 15.5(1)SY5
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.