CVE-2024-20312

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency.

Published: 2024-03-27 Last update: 2025-08-26 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2024-20312 is rated Low Risk (35.6/100): CVSS High severity, with low exploitation likelihood (EPSS 0.26%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2024-20312

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

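| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|------|----------------|----------------|-------------------|
| 1 | 2026-06-15 | 0.05% | 0.26% | +0.20% |
| 2 | 2026-05-25 | 0.05% | 0.05% | +0.00% |
| 3 | 2026-05-22 | | 0.05% | |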

Full EPSS history (19 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-20312

CVSS metrics for this CVE.

| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|------------|---------|----------|--------|----------------|--------|--------------|
| 7.4 | 3.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 2.8 | 4.0 | [email protected] |

Vector breakdown:

Attack vector (AV:A): Attacker has to be nearby on the network (same office, same link, that vibe), not the whole wide internet.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward; no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed; anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources, so a bigger blast radius.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

Weakness enumeration for CVE-2024-20312

Affected software / configurations for CVE-2024-20312

Vendor Product Version Raw CPE
cisco ios 15.0\(1\)ex cpe:2.3:o:cisco:ios:15.0\(1\)ex:*:*:*:*:*:*:*
cisco ios 15.1\(1\)sy cpe:2.3:o:cisco:ios:15.1\(1\)sy:*:*:*:*:*:*:*
cisco ios 15.1\(1\)sy1 cpe:2.3:o:cisco:ios:15.1\(1\)sy1:*:*:*:*:*:*:*
cisco ios 15.1\(1\)sy2 cpe:2.3:o:cisco:ios:15.1\(1\)sy2:*:*:*:*:*:*:*
cisco ios 15.1\(1\)sy3 cpe:2.3:o:cisco:ios:15.1\(1\)sy3:*:*:*:*:*:*:*
cisco ios 15.1\(1\)sy4 cpe:2.3:o:cisco:ios:15.1\(1\)sy4:*:*:*:*:*:*:*
cisco ios 15.1\(1\)sy5 cpe:2.3:o:cisco:ios:15.1\(1\)sy5:*:*:*:*:*:*:*
cisco ios 15.1\(1\)sy6 cpe:2.3:o:cisco:ios:15.1\(1\)sy6:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg cpe:2.3:o:cisco:ios:15.1\(2\)sg:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg1 cpe:2.3:o:cisco:ios:15.1\(2\)sg1:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg2 cpe:2.3:o:cisco:ios:15.1\(2\)sg2:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg3 cpe:2.3:o:cisco:ios:15.1\(2\)sg3:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg4 cpe:2.3:o:cisco:ios:15.1\(2\)sg4:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg5 cpe:2.3:o:cisco:ios:15.1\(2\)sg5:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg6 cpe:2.3:o:cisco:ios:15.1\(2\)sg6:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg7 cpe:2.3:o:cisco:ios:15.1\(2\)sg7:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sg8 cpe:2.3:o:cisco:ios:15.1\(2\)sg8:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy cpe:2.3:o:cisco:ios:15.1\(2\)sy:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy1 cpe:2.3:o:cisco:ios:15.1\(2\)sy1:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy2 cpe:2.3:o:cisco:ios:15.1\(2\)sy2:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy3 cpe:2.3:o:cisco:ios:15.1\(2\)sy3:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy4 cpe:2.3:o:cisco:ios:15.1\(2\)sy4:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy4a cpe:2.3:o:cisco:ios:15.1\(2\)sy4a:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy5 cpe:2.3:o:cisco:ios:15.1\(2\)sy5:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy6 cpe:2.3:o:cisco:ios:15.1\(2\)sy6:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy7 cpe:2.3:o:cisco:ios:15.1\(2\)sy7:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy8 cpe:2.3:o:cisco:ios:15.1\(2\)sy8:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy9 cpe:2.3:o:cisco:ios:15.1\(2\)sy9:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy10 cpe:2.3:o:cisco:ios:15.1\(2\)sy10:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy11 cpe:2.3:o:cisco:ios:15.1\(2\)sy11:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy12 cpe:2.3:o:cisco:ios:15.1\(2\)sy12:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy13 cpe:2.3:o:cisco:ios:15.1\(2\)sy13:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy14 cpe:2.3:o:cisco:ios:15.1\(2\)sy14:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy15 cpe:2.3:o:cisco:ios:15.1\(2\)sy15:*:*:*:*:*:*:*
cisco ios 15.1\(2\)sy16 cpe:2.3:o:cisco:ios:15.1\(2\)sy16:*:*:*:*:*:*:*
cisco ios 15.2\(1\)e cpe:2.3:o:cisco:ios:15.2\(1\)e:*:*:*:*:*:*:*
cisco ios 15.2\(1\)e1 cpe:2.3:o:cisco:ios:15.2\(1\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(1\)e2 cpe:2.3:o:cisco:ios:15.2\(1\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(1\)e3 cpe:2.3:o:cisco:ios:15.2\(1\)e3:*:*:*:*:*:*:*
cisco ios 15.2\(1\)ey cpe:2.3:o:cisco:ios:15.2\(1\)ey:*:*:*:*:*:*:*
cisco ios 15.2\(1\)s cpe:2.3:o:cisco:ios:15.2\(1\)s:*:*:*:*:*:*:*
cisco ios 15.2\(1\)s1 cpe:2.3:o:cisco:ios:15.2\(1\)s1:*:*:*:*:*:*:*
cisco ios 15.2\(1\)s2 cpe:2.3:o:cisco:ios:15.2\(1\)s2:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy cpe:2.3:o:cisco:ios:15.2\(1\)sy:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy0a cpe:2.3:o:cisco:ios:15.2\(1\)sy0a:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy1 cpe:2.3:o:cisco:ios:15.2\(1\)sy1:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy1a cpe:2.3:o:cisco:ios:15.2\(1\)sy1a:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy2 cpe:2.3:o:cisco:ios:15.2\(1\)sy2:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy3 cpe:2.3:o:cisco:ios:15.2\(1\)sy3:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy4 cpe:2.3:o:cisco:ios:15.2\(1\)sy4:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy5 cpe:2.3:o:cisco:ios:15.2\(1\)sy5:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy6 cpe:2.3:o:cisco:ios:15.2\(1\)sy6:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy7 cpe:2.3:o:cisco:ios:15.2\(1\)sy7:*:*:*:*:*:*:*
cisco ios 15.2\(1\)sy8 cpe:2.3:o:cisco:ios:15.2\(1\)sy8:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e cpe:2.3:o:cisco:ios:15.2\(2\)e:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e1 cpe:2.3:o:cisco:ios:15.2\(2\)e1:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e2 cpe:2.3:o:cisco:ios:15.2\(2\)e2:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e3 cpe:2.3:o:cisco:ios:15.2\(2\)e3:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e4 cpe:2.3:o:cisco:ios:15.2\(2\)e4:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e5 cpe:2.3:o:cisco:ios:15.2\(2\)e5:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e5a cpe:2.3:o:cisco:ios:15.2\(2\)e5a:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e5b cpe:2.3:o:cisco:ios:15.2\(2\)e5b:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e6 cpe:2.3:o:cisco:ios:15.2\(2\)e6:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e7 cpe:2.3:o:cisco:ios:15.2\(2\)e7:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e7b cpe:2.3:o:cisco:ios:15.2\(2\)e7b:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e8 cpe:2.3:o:cisco:ios:15.2\(2\)e8:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e9 cpe:2.3:o:cisco:ios:15.2\(2\)e9:*:*:*:*:*:*:*
cisco ios 15.2\(2\)e10 cpe:2.3:o:cisco:ios:15.2\(2\)e10:*:*:*:*:*:*:*
cisco ios 15.2\(2\)ea cpe:2.3:o:cisco:ios:15.2\(2\)ea:*:*:*:*:*:*:*
cisco ios 15.2\(2\)ea1 cpe:2.3:o:cisco:ios:15.2\(2\)ea1:*:*:*:*:*:*:*
cisco ios 15.2\(2\)ea2 cpe:2.3:o:cisco:ios:15.2\(2\)ea2:*:*:*:*:*:*:*
cisco ios 15.2\(2\)ea3 cpe:2.3:o:cisco:ios:15.2\(2\)ea3:*:*:*:*:*:*:*
cisco ios 15.2\(2\)eb cpe:2.3:o:cisco:ios:15.2\(2\)eb:*:*:*:*:*:*:*
cisco ios 15.2\(2\)eb1 cpe:2.3:o:cisco:ios:15.2\(2\)eb1:*:*:*:*:*:*:*
cisco ios 15.2\(2\)eb2 cpe:2.3:o:cisco:ios:15.2\(2\)eb2:*:*:*:*:*:*:*
cisco ios 15.2\(2\)s cpe:2.3:o:cisco:ios:15.2\(2\)s:*:*:*:*:*:*:*
cisco ios 15.2\(2\)s0a cpe:2.3:o:cisco:ios:15.2\(2\)s0a:*:*:*:*:*:*:*
cisco ios 15.2\(2\)s0c cpe:2.3:o:cisco:ios:15.2\(2\)s0c:*:*:*:*:*:*:*
cisco ios 15.2\(2\)s1 cpe:2.3:o:cisco:ios:15.2\(2\)s1:*:*:*:*:*:*:*
cisco ios 15.2\(2\)s2 cpe:2.3:o:cisco:ios:15.2\(2\)s2:*:*:*:*:*:*:*

References for CVE-2024-20312
