Lucene search
CiscoCISCO-SA-SDWAN-UTD-DOS-HDATQXSHistorySep 25, 2024 - 4:00 p.m.
Cisco Catalyst SD-WAN Routers Denial of Service Vulnerability
2024-09-2516:00:00
tools.cisco.com
cisco
catalyst
sd-wan
routers
denial of service
vulnerability
cisco ios xe
unified threat defense
utd
remote attacker
ipsec tunnel
software update
september 2024
security advisory
A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs”]
This advisory is part of the September 2024 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75169”].
Affected configurations
Node
ciscocisco_ios_xe_softwareMatch17.1
ORciscocisco_ios_xe_softwareMatch17.2
ORciscocisco_ios_xe_softwareMatch17.3
ORciscocisco_ios_xe_softwareMatch17.4
ORciscocisco_ios_xe_softwareMatch17.5
ORciscocisco_ios_xe_softwareMatch17.6
ORciscocisco_ios_xe_softwareMatch17.7
ORciscocisco_ios_xe_softwareMatch17.10
ORciscocisco_ios_xe_softwareMatch17.8
ORciscocisco_ios_xe_softwareMatch17.9
ORciscocisco_ios_xe_softwareMatch17.11
ORciscocisco_ios_xe_softwareMatch17.12
ORciscocisco_ios_xe_softwareMatch17.13
ORciscocisco_ios_xe_softwareMatch17.11sw
ORciscoios_xe_sd-wanMatch17.5
ORciscoios_xe_sd-wanMatch17.6
ORciscoios_xe_sd-wanMatch17.7
ORciscoios_xe_sd-wanMatch17.9
ORciscoios_xe_sd-wanMatch17.8
ORciscoios_xe_sd-wanMatch17.10
ORciscoios_xe_sd-wanMatch17.11
ORciscoios_xe_sd-wanMatch17.12
ORciscoios_xe_sd-wanMatch17.13
ORciscoios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_servicesMatchany
ORciscocatalyst_29xx_supervisor_softwareMatchany
ORciscocatalystMatchany
ORciscocisco_ios_xe_softwareMatch17.1.1
ORciscocisco_ios_xe_softwareMatch17.1.1a
ORciscocisco_ios_xe_softwareMatch17.1.1s
ORciscocisco_ios_xe_softwareMatch17.1.2
ORciscocisco_ios_xe_softwareMatch17.1.1t
ORciscocisco_ios_xe_softwareMatch17.1.3
ORciscocisco_ios_xe_softwareMatch17.2.1
ORciscocisco_ios_xe_softwareMatch17.2.1r
ORciscocisco_ios_xe_softwareMatch17.2.1a
ORciscocisco_ios_xe_softwareMatch17.2.1v
ORciscocisco_ios_xe_softwareMatch17.2.2
ORciscocisco_ios_xe_softwareMatch17.2.3
ORciscocisco_ios_xe_softwareMatch17.3.1
ORciscocisco_ios_xe_softwareMatch17.3.2
ORciscocisco_ios_xe_softwareMatch17.3.3
ORciscocisco_ios_xe_softwareMatch17.3.1a
ORciscocisco_ios_xe_softwareMatch17.3.1w
ORciscocisco_ios_xe_softwareMatch17.3.2a
ORciscocisco_ios_xe_softwareMatch17.3.1x
ORciscocisco_ios_xe_softwareMatch17.3.1z
ORciscocisco_ios_xe_softwareMatch17.3.3a
ORciscocisco_ios_xe_softwareMatch17.3.4
ORciscocisco_ios_xe_softwareMatch17.3.5
ORciscocisco_ios_xe_softwareMatch17.3.4a
ORciscocisco_ios_xe_softwareMatch17.3.6
ORciscocisco_ios_xe_softwareMatch17.3.4b
ORciscocisco_ios_xe_softwareMatch17.3.4c
ORciscocisco_ios_xe_softwareMatch17.3.5a
ORciscocisco_ios_xe_softwareMatch17.3.5b
ORciscocisco_ios_xe_softwareMatch17.3.7
ORciscocisco_ios_xe_softwareMatch17.3.8
ORciscocisco_ios_xe_softwareMatch17.3.8a
ORciscocisco_ios_xe_softwareMatch17.4.1
ORciscocisco_ios_xe_softwareMatch17.4.2
ORciscocisco_ios_xe_softwareMatch17.4.1a
ORciscocisco_ios_xe_softwareMatch17.4.1b
ORciscocisco_ios_xe_softwareMatch17.4.1c
ORciscocisco_ios_xe_softwareMatch17.4.2a
ORciscocisco_ios_xe_softwareMatch17.5.1
ORciscocisco_ios_xe_softwareMatch17.5.1a
ORciscocisco_ios_xe_softwareMatch17.5.1b
ORciscocisco_ios_xe_softwareMatch17.5.1c
ORciscocisco_ios_xe_softwareMatch17.6.1
ORciscocisco_ios_xe_softwareMatch17.6.2
ORciscocisco_ios_xe_softwareMatch17.6.1w
ORciscocisco_ios_xe_softwareMatch17.6.1a
ORciscocisco_ios_xe_softwareMatch17.6.1x
ORciscocisco_ios_xe_softwareMatch17.6.3
ORciscocisco_ios_xe_softwareMatch17.6.1y
ORciscocisco_ios_xe_softwareMatch17.6.1z
ORciscocisco_ios_xe_softwareMatch17.6.3a
ORciscocisco_ios_xe_softwareMatch17.6.4
ORciscocisco_ios_xe_softwareMatch17.6.1z1
ORciscocisco_ios_xe_softwareMatch17.6.5
ORciscocisco_ios_xe_softwareMatch17.6.6
ORciscocisco_ios_xe_softwareMatch17.6.6a
ORciscocisco_ios_xe_softwareMatch17.6.5a
ORciscocisco_ios_xe_softwareMatch17.7.1
ORciscocisco_ios_xe_softwareMatch17.7.1a
ORciscocisco_ios_xe_softwareMatch17.7.1b
ORciscocisco_ios_xe_softwareMatch17.7.2
ORciscocisco_ios_xe_softwareMatch17.10.1
ORciscocisco_ios_xe_softwareMatch17.10.1a
ORciscocisco_ios_xe_softwareMatch17.10.1b
ORciscocisco_ios_xe_softwareMatch17.8.1
ORciscocisco_ios_xe_softwareMatch17.8.1a
ORciscocisco_ios_xe_softwareMatch17.9.1
ORciscocisco_ios_xe_softwareMatch17.9.1w
ORciscocisco_ios_xe_softwareMatch17.9.2
ORciscocisco_ios_xe_softwareMatch17.9.1a
ORciscocisco_ios_xe_softwareMatch17.9.1x
ORciscocisco_ios_xe_softwareMatch17.9.1y
ORciscocisco_ios_xe_softwareMatch17.9.3
ORciscocisco_ios_xe_softwareMatch17.9.2a
ORciscocisco_ios_xe_softwareMatch17.9.1x1
ORciscocisco_ios_xe_softwareMatch17.9.3a
ORciscocisco_ios_xe_softwareMatch17.9.4
ORciscocisco_ios_xe_softwareMatch17.9.1y1
ORciscocisco_ios_xe_softwareMatch17.9.5
ORciscocisco_ios_xe_softwareMatch17.9.4a
ORciscocisco_ios_xe_softwareMatch17.9.5a
ORciscocisco_ios_xe_softwareMatch17.9.5b
ORciscocisco_ios_xe_softwareMatch17.9.5c
ORciscocisco_ios_xe_softwareMatch17.9.5d
ORciscocisco_ios_xe_softwareMatch17.11.1
ORciscocisco_ios_xe_softwareMatch17.11.1a
ORciscocisco_ios_xe_softwareMatch17.12.1
ORciscocisco_ios_xe_softwareMatch17.12.1w
ORciscocisco_ios_xe_softwareMatch17.12.1a
ORciscocisco_ios_xe_softwareMatch17.12.2
ORciscocisco_ios_xe_softwareMatch17.12.2a
ORciscocisco_ios_xe_softwareMatch17.13.1
ORciscocisco_ios_xe_softwareMatch17.13.1a
ORciscocisco_ios_xe_softwareMatch17.11.99sw
ORciscoios_xe_sd-wanMatch17.5.1a
ORciscoios_xe_sd-wanMatch17.6.1a
ORciscoios_xe_sd-wanMatch17.6.2
ORciscoios_xe_sd-wanMatch17.6.3a
ORciscoios_xe_sd-wanMatch17.6.4
ORciscoios_xe_sd-wanMatch17.7.1a
ORciscoios_xe_sd-wanMatch17.7.2
ORciscoios_xe_sd-wanMatch17.9.1a
ORciscoios_xe_sd-wanMatch17.9.2a
ORciscoios_xe_sd-wanMatch17.9.3a
ORciscoios_xe_sd-wanMatch17.9.4
ORciscoios_xe_sd-wanMatch17.9.5a
ORciscoios_xe_sd-wanMatch17.8.1a
ORciscoios_xe_sd-wanMatch17.10.1a
ORciscoios_xe_sd-wanMatch17.11.1a
ORciscoios_xe_sd-wanMatch17.12.1a
ORciscoios_xe_sd-wanMatch17.13.1a
ORciscoios_xe_sd-wanMatch1000_series_integrated_services_routers
ORciscocatalyst_sd-wan_managerMatch8000v_edge_software
ORciscocatalyst_sd-wan_managerMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8000v_edge_software
ORciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatch8300_edge_platform
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | cisco_ios_xe_software | 17.1 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.1:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.2 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.2:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.3 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.3:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.4 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.4:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.5 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.5:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.7 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.7:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.10 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.10:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.8 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.8:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.9 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.9:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2024-20455
2024-09-25 17:15:16
cvelist
cvelist
CVE-2024-20455
2024-09-25 16:18:50
vulnrichment
vulnrichment
CVE-2024-20455
2024-09-25 16:18:50
nvd
nvd
CVE-2024-20455
2024-09-25 17:15:16