How severe is CVE-2024-20426?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-20426?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2024-20426 - HIGH Severity | CVSS 8.6

Vulnerability Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Related Vulnerabilities

CVE-2018-0305

HIGH

CVSS:8.6(High)

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on t...

CWE-4762018

CVE-2019-12647

HIGH

CVSS:8.6(High)

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because t...

CWE-4762019

CVE-2019-12654

HIGH

CVSS:8.6(High)

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resu...

CWE-4762019

CVE-2020-13583

HIGH

CVSS:8.6(High)

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP reque...

CWE-4762020

CVE-2020-3407

HIGH

CVSS:8.6(High)

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerab...

CWE-4762020

CVE-2020-3517

HIGH

CVSS:8.6(High)

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial ...

CWE-4762020