How severe is CVE-2024-20446?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-20446?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2024-20446 - HIGH Severity | CVSS 8.6

Vulnerability Description

A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in a DHCPv6 RELAY-REPLY message. An attacker could exploit this vulnerability by sending a crafted DHCPv6 packet to any IPv6 address that is configured on an affected device. A successful exploit could allow the attacker to cause the dhcp_snoop process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.

Related Vulnerabilities

CVE-2018-0305

HIGH

CVSS:8.6(High)

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on t...

CWE-4762018

CVE-2019-12647

HIGH

CVSS:8.6(High)

A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because t...

CWE-4762019

CVE-2019-12654

HIGH

CVSS:8.6(High)

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resu...

CWE-4762019

CVE-2020-13583

HIGH

CVSS:8.6(High)

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP reque...

CWE-4762020

CVE-2020-3407

HIGH

CVSS:8.6(High)

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerab...

CWE-4762020

CVE-2020-3517

HIGH

CVSS:8.6(High)

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial ...

CWE-4762020