CVE-2024-20307 [Medium] | Denial of Service in Ios

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	1.49%	0.73%	-0.77%
2	2025-12-28	1.23%	1.49%	+0.26%
3	2025-12-27	—	1.23%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

1.49%

0.73%

-0.77%

2025-12-28

1.23%

1.49%

+0.26%

2025-12-27

—

1.23%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.8	3.1	MEDIUM	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	2.2	4.0	[email protected]
7.5	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.8

3.1

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

2.2

4.0

[email protected]

7.5

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

3.9

3.6

[email protected]

Affected software / configurations for CVE-2024-20307

Vendor	Product	Version	Raw CPE
cisco	ios	15.1\(2\)sg8	cpe:2.3:o:cisco:ios:15.1\(2\)sg8:::::::*
cisco	ios	15.1\(2\)sy8	cpe:2.3:o:cisco:ios:15.1\(2\)sy8:::::::*
cisco	ios	15.1\(2\)sy9	cpe:2.3:o:cisco:ios:15.1\(2\)sy9:::::::*
cisco	ios	15.1\(2\)sy10	cpe:2.3:o:cisco:ios:15.1\(2\)sy10:::::::*
cisco	ios	15.1\(2\)sy11	cpe:2.3:o:cisco:ios:15.1\(2\)sy11:::::::*
cisco	ios	15.1\(2\)sy12	cpe:2.3:o:cisco:ios:15.1\(2\)sy12:::::::*
cisco	ios	15.1\(2\)sy13	cpe:2.3:o:cisco:ios:15.1\(2\)sy13:::::::*
cisco	ios	15.1\(2\)sy14	cpe:2.3:o:cisco:ios:15.1\(2\)sy14:::::::*
cisco	ios	15.1\(2\)sy15	cpe:2.3:o:cisco:ios:15.1\(2\)sy15:::::::*
cisco	ios	15.1\(2\)sy16	cpe:2.3:o:cisco:ios:15.1\(2\)sy16:::::::*
cisco	ios	15.2\(1\)sy3	cpe:2.3:o:cisco:ios:15.2\(1\)sy3:::::::*
cisco	ios	15.2\(1\)sy4	cpe:2.3:o:cisco:ios:15.2\(1\)sy4:::::::*
cisco	ios	15.2\(1\)sy5	cpe:2.3:o:cisco:ios:15.2\(1\)sy5:::::::*
cisco	ios	15.2\(1\)sy6	cpe:2.3:o:cisco:ios:15.2\(1\)sy6:::::::*
cisco	ios	15.2\(1\)sy7	cpe:2.3:o:cisco:ios:15.2\(1\)sy7:::::::*
cisco	ios	15.2\(1\)sy8	cpe:2.3:o:cisco:ios:15.2\(1\)sy8:::::::*
cisco	ios	15.2\(3\)e4	cpe:2.3:o:cisco:ios:15.2\(3\)e4:::::::*
cisco	ios	15.2\(3\)e5	cpe:2.3:o:cisco:ios:15.2\(3\)e5:::::::*
cisco	ios	15.2\(4\)e2	cpe:2.3:o:cisco:ios:15.2\(4\)e2:::::::*
cisco	ios	15.2\(4\)e3	cpe:2.3:o:cisco:ios:15.2\(4\)e3:::::::*
cisco	ios	15.2\(4\)e4	cpe:2.3:o:cisco:ios:15.2\(4\)e4:::::::*
cisco	ios	15.2\(4\)e5	cpe:2.3:o:cisco:ios:15.2\(4\)e5:::::::*
cisco	ios	15.2\(4\)e5a	cpe:2.3:o:cisco:ios:15.2\(4\)e5a:::::::*
cisco	ios	15.2\(4\)e6	cpe:2.3:o:cisco:ios:15.2\(4\)e6:::::::*
cisco	ios	15.2\(4\)e7	cpe:2.3:o:cisco:ios:15.2\(4\)e7:::::::*
cisco	ios	15.2\(4\)e8	cpe:2.3:o:cisco:ios:15.2\(4\)e8:::::::*
cisco	ios	15.2\(4\)e9	cpe:2.3:o:cisco:ios:15.2\(4\)e9:::::::*
cisco	ios	15.2\(4\)e10	cpe:2.3:o:cisco:ios:15.2\(4\)e10:::::::*
cisco	ios	15.2\(4\)e10a	cpe:2.3:o:cisco:ios:15.2\(4\)e10a:::::::*
cisco	ios	15.2\(4\)e10d	cpe:2.3:o:cisco:ios:15.2\(4\)e10d:::::::*
cisco	ios	15.2\(4\)ea4	cpe:2.3:o:cisco:ios:15.2\(4\)ea4:::::::*
cisco	ios	15.2\(4\)ea5	cpe:2.3:o:cisco:ios:15.2\(4\)ea5:::::::*
cisco	ios	15.2\(4\)ea6	cpe:2.3:o:cisco:ios:15.2\(4\)ea6:::::::*
cisco	ios	15.2\(4\)ea7	cpe:2.3:o:cisco:ios:15.2\(4\)ea7:::::::*
cisco	ios	15.2\(4\)ea8	cpe:2.3:o:cisco:ios:15.2\(4\)ea8:::::::*
cisco	ios	15.2\(4\)ea9	cpe:2.3:o:cisco:ios:15.2\(4\)ea9:::::::*
cisco	ios	15.2\(4\)ea9a	cpe:2.3:o:cisco:ios:15.2\(4\)ea9a:::::::*
cisco	ios	15.2\(4\)ec1	cpe:2.3:o:cisco:ios:15.2\(4\)ec1:::::::*
cisco	ios	15.2\(4\)ec2	cpe:2.3:o:cisco:ios:15.2\(4\)ec2:::::::*
cisco	ios	15.2\(4\)m11	cpe:2.3:o:cisco:ios:15.2\(4\)m11:::::::*
cisco	ios	15.2\(5\)e	cpe:2.3:o:cisco:ios:15.2\(5\)e:::::::*
cisco	ios	15.2\(5\)ea	cpe:2.3:o:cisco:ios:15.2\(5\)ea:::::::*
cisco	ios	15.2\(5b\)e	cpe:2.3:o:cisco:ios:15.2\(5b\)e:::::::*
cisco	ios	15.3\(1\)sy1	cpe:2.3:o:cisco:ios:15.3\(1\)sy1:::::::*
cisco	ios	15.3\(1\)sy2	cpe:2.3:o:cisco:ios:15.3\(1\)sy2:::::::*
cisco	ios	15.3\(3\)jpi11	cpe:2.3:o:cisco:ios:15.3\(3\)jpi11:::::::*
cisco	ios	15.3\(3\)m8	cpe:2.3:o:cisco:ios:15.3\(3\)m8:::::::*
cisco	ios	15.3\(3\)m8a	cpe:2.3:o:cisco:ios:15.3\(3\)m8a:::::::*
cisco	ios	15.3\(3\)m9	cpe:2.3:o:cisco:ios:15.3\(3\)m9:::::::*
cisco	ios	15.3\(3\)m10	cpe:2.3:o:cisco:ios:15.3\(3\)m10:::::::*
cisco	ios	15.3\(3\)s8	cpe:2.3:o:cisco:ios:15.3\(3\)s8:::::::*
cisco	ios	15.3\(3\)s8a	cpe:2.3:o:cisco:ios:15.3\(3\)s8a:::::::*
cisco	ios	15.3\(3\)s9	cpe:2.3:o:cisco:ios:15.3\(3\)s9:::::::*
cisco	ios	15.3\(3\)s10	cpe:2.3:o:cisco:ios:15.3\(3\)s10:::::::*
cisco	ios	15.4\(1\)sy	cpe:2.3:o:cisco:ios:15.4\(1\)sy:::::::*
cisco	ios	15.4\(1\)sy1	cpe:2.3:o:cisco:ios:15.4\(1\)sy1:::::::*
cisco	ios	15.4\(1\)sy2	cpe:2.3:o:cisco:ios:15.4\(1\)sy2:::::::*
cisco	ios	15.4\(1\)sy3	cpe:2.3:o:cisco:ios:15.4\(1\)sy3:::::::*
cisco	ios	15.4\(1\)sy4	cpe:2.3:o:cisco:ios:15.4\(1\)sy4:::::::*
cisco	ios	15.4\(3\)s6	cpe:2.3:o:cisco:ios:15.4\(3\)s6:::::::*
cisco	ios	15.4\(3\)s6a	cpe:2.3:o:cisco:ios:15.4\(3\)s6a:::::::*
cisco	ios	15.4\(3\)s7	cpe:2.3:o:cisco:ios:15.4\(3\)s7:::::::*
cisco	ios	15.4\(3\)s8	cpe:2.3:o:cisco:ios:15.4\(3\)s8:::::::*
cisco	ios	15.4\(3\)s9	cpe:2.3:o:cisco:ios:15.4\(3\)s9:::::::*
cisco	ios	15.4\(3\)s10	cpe:2.3:o:cisco:ios:15.4\(3\)s10:::::::*
cisco	ios	15.5\(1\)s4	cpe:2.3:o:cisco:ios:15.5\(1\)s4:::::::*
cisco	ios	15.5\(1\)sy	cpe:2.3:o:cisco:ios:15.5\(1\)sy:::::::*
cisco	ios	15.5\(1\)sy1	cpe:2.3:o:cisco:ios:15.5\(1\)sy1:::::::*
cisco	ios	15.5\(1\)sy2	cpe:2.3:o:cisco:ios:15.5\(1\)sy2:::::::*
cisco	ios	15.5\(1\)sy3	cpe:2.3:o:cisco:ios:15.5\(1\)sy3:::::::*
cisco	ios	15.5\(1\)sy4	cpe:2.3:o:cisco:ios:15.5\(1\)sy4:::::::*
cisco	ios	15.5\(1\)sy5	cpe:2.3:o:cisco:ios:15.5\(1\)sy5:::::::*
cisco	ios	15.5\(1\)sy6	cpe:2.3:o:cisco:ios:15.5\(1\)sy6:::::::*
cisco	ios	15.5\(1\)sy7	cpe:2.3:o:cisco:ios:15.5\(1\)sy7:::::::*
cisco	ios	15.5\(1\)sy8	cpe:2.3:o:cisco:ios:15.5\(1\)sy8:::::::*
cisco	ios	15.5\(1\)sy9	cpe:2.3:o:cisco:ios:15.5\(1\)sy9:::::::*
cisco	ios	15.5\(1\)sy10	cpe:2.3:o:cisco:ios:15.5\(1\)sy10:::::::*
cisco	ios	15.5\(1\)sy11	cpe:2.3:o:cisco:ios:15.5\(1\)sy11:::::::*
cisco	ios	15.5\(2\)s4	cpe:2.3:o:cisco:ios:15.5\(2\)s4:::::::*
cisco	ios	15.5\(2\)t4	cpe:2.3:o:cisco:ios:15.5\(2\)t4:::::::*

References for CVE-2024-20307

URL	Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev1-NO2ccFWz	Vendor Advisory

URL

CVE-2024-20307

Exploit prediction scoring system (EPSS) score for CVE-2024-20307

Common vulnerability scoring system (CVSS) metrics for CVE-2024-20307

Weakness enumeration for CVE-2024-20307

Affected software / configurations for CVE-2024-20307

References for CVE-2024-20307