CVE-2024-20294

CVSS v3 Score
6.6
Medium

Vulnerability Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device.

Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

CVSS:6.5(Medium)

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to phys...

CVSS:6.3(Medium)

Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.

CVSS:7.4(High)

Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendati...

CVSS:7.4(High)

A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software could allo...

CVSS:7.4(High)

A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is...

CVSS:7.4(High)

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent attacker to send a DHCP...