{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-20266","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2023-11-08T15:08:07.624Z","datePublished":"2024-03-13T16:42:27.815Z","dateUpdated":"2024-08-14T15:00:38.372Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-03-13T16:42:27.815Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device.\r\n\r Notes: \r\n\r \r Only the dhcpd process crashes and eventually restarts automatically. The router does not reload.\r This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected."}],"affected":[{"vendor":"Cisco","product":"Cisco IOS XR Software","versions":[{"version":"5.2.0","status":"affected"},{"version":"5.2.1","status":"affected"},{"version":"5.2.2","status":"affected"},{"version":"5.2.4","status":"affected"},{"version":"5.2.3","status":"affected"},{"version":"5.2.5","status":"affected"},{"version":"5.2.47","status":"affected"},{"version":"5.3.0","status":"affected"},{"version":"5.3.1","status":"affected"},{"version":"5.3.2","status":"affected"},{"version":"5.3.3","status":"affected"},{"version":"5.3.4","status":"affected"},{"version":"6.0.0","status":"affected"},{"version":"6.0.1","status":"affected"},{"version":"6.0.2","status":"affected"},{"version":"6.1.1","status":"affected"},{"version":"6.1.2","status":"affected"},{"version":"6.1.3","status":"affected"},{"version":"6.1.4","status":"affected"},{"version":"6.1.12","status":"affected"},{"version":"6.1.22","status":"affected"},{"version":"6.1.32","status":"affected"},{"version":"6.1.36","status":"affected"},{"version":"6.1.42","status":"affected"},{"version":"6.2.1","status":"affected"},{"version":"6.2.2","status":"affected"},{"version":"6.2.3","status":"affected"},{"version":"6.2.25","status":"affected"},{"version":"6.2.11","status":"affected"},{"version":"6.3.2","status":"affected"},{"version":"6.3.3","status":"affected"},{"version":"6.3.15","status":"affected"},{"version":"6.4.1","status":"affected"},{"version":"6.4.2","status":"affected"},{"version":"6.4.3","status":"affected"},{"version":"6.5.1","status":"affected"},{"version":"6.5.2","status":"affected"},{"version":"6.5.3","status":"affected"},{"version":"6.5.25","status":"affected"},{"version":"6.5.26","status":"affected"},{"version":"6.5.28","status":"affected"},{"version":"6.5.29","status":"affected"},{"version":"6.5.32","status":"affected"},{"version":"6.5.33","status":"affected"},{"version":"6.6.2","status":"affected"},{"version":"6.6.3","status":"affected"},{"version":"6.6.25","status":"affected"},{"version":"6.6.4","status":"affected"},{"version":"7.0.1","status":"affected"},{"version":"7.0.2","status":"affected"},{"version":"7.0.12","status":"affected"},{"version":"7.0.14","status":"affected"},{"version":"7.1.1","status":"affected"},{"version":"7.1.15","status":"affected"},{"version":"7.1.2","status":"affected"},{"version":"7.1.3","status":"affected"},{"version":"6.7.1","status":"affected"},{"version":"6.7.2","status":"affected"},{"version":"6.7.3","status":"affected"},{"version":"6.7.4","status":"affected"},{"version":"7.2.0","status":"affected"},{"version":"7.2.1","status":"affected"},{"version":"7.2.2","status":"affected"},{"version":"7.3.1","status":"affected"},{"version":"7.3.15","status":"affected"},{"version":"7.3.2","status":"affected"},{"version":"7.3.3","status":"affected"},{"version":"7.3.5","status":"affected"},{"version":"7.4.1","status":"affected"},{"version":"7.4.2","status":"affected"},{"version":"6.8.1","status":"affected"},{"version":"6.8.2","status":"affected"},{"version":"7.5.1","status":"affected"},{"version":"7.5.3","status":"affected"},{"version":"7.5.2","status":"affected"},{"version":"7.5.4","status":"affected"},{"version":"7.5.5","status":"affected"},{"version":"7.6.1","status":"affected"},{"version":"7.6.2","status":"affected"},{"version":"7.7.1","status":"affected"},{"version":"7.7.2","status":"affected"},{"version":"7.7.21","status":"affected"},{"version":"6.9.1","status":"affected"},{"version":"6.9.2","status":"affected"},{"version":"7.8.1","status":"affected"},{"version":"7.8.2","status":"affected"},{"version":"7.9.1","status":"affected"},{"version":"7.9.2","status":"affected"},{"version":"7.9.21","status":"affected"},{"version":"7.10.1","status":"affected"},{"version":"7.10.2","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"NULL Pointer Dereference","type":"cwe","cweId":"CWE-476"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm","name":"cisco-sa-iosxr-dhcp-dos-3tgPKRdm"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-iosxr-dhcp-dos-3tgPKRdm","discovery":"INTERNAL","defects":["CSCwf83090"]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:52:31.683Z"},"title":"CVE Program Container","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm","name":"cisco-sa-iosxr-dhcp-dos-3tgPKRdm","tags":["x_transferred"]}]},{"affected":[{"vendor":"cisco","product":"ios_xr_software","cpes":["cpe:2.3:o:cisco:ios_xr:5.2.0:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.2.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.2.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.2.4:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.2.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.2.5:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.2.47:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.3.0:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.3.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.3.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.3.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:5.3.4:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.0.0:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.0.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.0.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.12:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.22:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.32:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.36:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.1.42:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.2.25:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.3.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.3.15:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.25:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.26:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.28:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.29:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.32:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.5.33:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.7.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.7.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.7.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.7.4:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.8.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.8.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.9.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:6.9.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*","cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.2.0","status":"affected"},{"version":"5.2.1","status":"affected"},{"version":"5.2.2","status":"affected"},{"version":"5.2.4","status":"affected"},{"version":"5.2.3","status":"affected"},{"version":"5.2.5","status":"affected"},{"version":"5.2.47","status":"affected"},{"version":"5.3.0","status":"affected"},{"version":"5.3.1","status":"affected"},{"version":"5.3.2","status":"affected"},{"version":"5.3.3","status":"affected"},{"version":"5.3.4","status":"affected"},{"version":"6.0.0","status":"affected"},{"version":"6.0.1","status":"affected"},{"version":"6.0.2","status":"affected"},{"version":"6.1.1","status":"affected"},{"version":"6.1.2","status":"affected"},{"version":"6.1.3","status":"affected"},{"version":"6.1.4","status":"affected"},{"version":"6.1.12","status":"affected"},{"version":"6.1.22","status":"affected"},{"version":"6.1.32","status":"affected"},{"version":"6.1.36","status":"affected"},{"version":"6.1.42","status":"affected"},{"version":"6.2.1","status":"affected"},{"version":"6.2.2","status":"affected"},{"version":"6.2.3","status":"affected"},{"version":"6.2.25","status":"affected"},{"version":"6.2.11","status":"affected"},{"version":"6.3.2","status":"affected"},{"version":"6.3.3","status":"affected"},{"version":"6.3.15","status":"affected"},{"version":"6.4.1","status":"affected"},{"version":"6.4.2","status":"affected"},{"version":"6.4.3","status":"affected"},{"version":"6.5.1","status":"affected"},{"version":"6.5.2","status":"affected"},{"version":"6.5.3","status":"affected"},{"version":"6.5.25","status":"affected"},{"version":"6.5.26","status":"affected"},{"version":"6.5.28","status":"affected"},{"version":"6.5.29","status":"affected"},{"version":"6.5.32","status":"affected"},{"version":"6.5.33","status":"affected"},{"version":"6.6.2","status":"affected"},{"version":"6.6.3","status":"affected"},{"version":"6.6.25","status":"affected"},{"version":"6.6.4","status":"affected"},{"version":"7.0.1","status":"affected"},{"version":"7.0.2","status":"affected"},{"version":"7.0.12","status":"affected"},{"version":"7.0.14","status":"affected"},{"version":"7.1.1","status":"affected"},{"version":"7.1.15","status":"affected"},{"version":"7.1.2","status":"affected"},{"version":"7.1.3","status":"affected"},{"version":"6.7.1","status":"affected"},{"version":"6.7.2","status":"affected"},{"version":"6.7.3","status":"affected"},{"version":"6.7.4","status":"affected"},{"version":"7.2.0","status":"affected"},{"version":"7.2.1","status":"affected"},{"version":"7.2.2","status":"affected"},{"version":"7.3.1","status":"affected"},{"version":"7.3.15","status":"affected"},{"version":"7.3.2","status":"affected"},{"version":"7.3.3","status":"affected"},{"version":"7.3.5","status":"affected"},{"version":"7.4.1","status":"affected"},{"version":"7.4.2","status":"affected"},{"version":"6.8.1","status":"affected"},{"version":"6.8.2","status":"affected"},{"version":"7.5.1","status":"affected"},{"version":"7.5.3","status":"affected"},{"version":"7.5.2","status":"affected"},{"version":"7.5.4","status":"affected"},{"version":"7.5.5","status":"affected"},{"version":"7.6.1","status":"affected"},{"version":"7.6.2","status":"affected"},{"version":"7.7.1","status":"affected"},{"version":"7.7.2","status":"affected"},{"version":"7.7.21","status":"affected"},{"version":"6.9.1","status":"affected"},{"version":"6.9.2","status":"affected"},{"version":"7.8.1","status":"affected"},{"version":"7.8.2","status":"affected"},{"version":"7.9.1","status":"affected"},{"version":"7.9.2","status":"affected"},{"version":"7.9.21","status":"affected"},{"version":"7.10.1","status":"affected"},{"version":"7.10.2","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-14T15:00:29.877058Z","id":"CVE-2024-20266","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-14T15:00:38.372Z"}}]}}