CVE-2024-20433 [High] | Denial of Service in Ios

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. An attacker could exploit this vulnerability by sending RSVP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	1.14%	0.64%	-0.50%
2	2026-03-16	1.48%	1.14%	-0.34%
3	2026-03-08	—	1.48%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

1.14%

0.64%

-0.50%

2026-03-16

1.48%

1.14%

-0.34%

2026-03-08

—

1.48%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
8.6	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	4.0	[email protected]
7.5	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	3.6	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

8.6

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

3.9

4.0

[email protected]

7.5

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

3.9

3.6

[email protected]

Affected software / configurations for CVE-2024-20433

Vendor	Product	Version	Raw CPE
cisco	ios	12.0\(24\)s	cpe:2.3:o:cisco:ios:12.0\(24\)s:::::::*
cisco	ios	12.0\(24\)s1	cpe:2.3:o:cisco:ios:12.0\(24\)s1:::::::*
cisco	ios	12.0\(24\)s2	cpe:2.3:o:cisco:ios:12.0\(24\)s2:::::::*
cisco	ios	12.0\(24\)s2a	cpe:2.3:o:cisco:ios:12.0\(24\)s2a:::::::*
cisco	ios	12.0\(24\)s2b	cpe:2.3:o:cisco:ios:12.0\(24\)s2b:::::::*
cisco	ios	12.0\(24\)s3	cpe:2.3:o:cisco:ios:12.0\(24\)s3:::::::*
cisco	ios	12.0\(24\)s4	cpe:2.3:o:cisco:ios:12.0\(24\)s4:::::::*
cisco	ios	12.0\(24\)s4a	cpe:2.3:o:cisco:ios:12.0\(24\)s4a:::::::*
cisco	ios	12.0\(24\)s5	cpe:2.3:o:cisco:ios:12.0\(24\)s5:::::::*
cisco	ios	12.0\(24\)s6	cpe:2.3:o:cisco:ios:12.0\(24\)s6:::::::*
cisco	ios	12.0\(25\)s	cpe:2.3:o:cisco:ios:12.0\(25\)s:::::::*
cisco	ios	12.0\(25\)s1	cpe:2.3:o:cisco:ios:12.0\(25\)s1:::::::*
cisco	ios	12.0\(25\)s1a	cpe:2.3:o:cisco:ios:12.0\(25\)s1a:::::::*
cisco	ios	12.0\(25\)s1b	cpe:2.3:o:cisco:ios:12.0\(25\)s1b:::::::*
cisco	ios	12.0\(25\)s1c	cpe:2.3:o:cisco:ios:12.0\(25\)s1c:::::::*
cisco	ios	12.0\(25\)s1d	cpe:2.3:o:cisco:ios:12.0\(25\)s1d:::::::*
cisco	ios	12.0\(25\)s2	cpe:2.3:o:cisco:ios:12.0\(25\)s2:::::::*
cisco	ios	12.0\(25\)s3	cpe:2.3:o:cisco:ios:12.0\(25\)s3:::::::*
cisco	ios	12.0\(25\)s4	cpe:2.3:o:cisco:ios:12.0\(25\)s4:::::::*
cisco	ios	12.0\(25\)sx	cpe:2.3:o:cisco:ios:12.0\(25\)sx:::::::*
cisco	ios	12.0\(25\)sx1	cpe:2.3:o:cisco:ios:12.0\(25\)sx1:::::::*
cisco	ios	12.0\(25\)sx2	cpe:2.3:o:cisco:ios:12.0\(25\)sx2:::::::*
cisco	ios	12.0\(25\)sx3	cpe:2.3:o:cisco:ios:12.0\(25\)sx3:::::::*
cisco	ios	12.0\(25\)sx4	cpe:2.3:o:cisco:ios:12.0\(25\)sx4:::::::*
cisco	ios	12.0\(25\)sx5	cpe:2.3:o:cisco:ios:12.0\(25\)sx5:::::::*
cisco	ios	12.0\(25\)sx6	cpe:2.3:o:cisco:ios:12.0\(25\)sx6:::::::*
cisco	ios	12.0\(25\)sx6e	cpe:2.3:o:cisco:ios:12.0\(25\)sx6e:::::::*
cisco	ios	12.0\(25\)sx7	cpe:2.3:o:cisco:ios:12.0\(25\)sx7:::::::*
cisco	ios	12.0\(25\)sx8	cpe:2.3:o:cisco:ios:12.0\(25\)sx8:::::::*
cisco	ios	12.0\(25\)sx9	cpe:2.3:o:cisco:ios:12.0\(25\)sx9:::::::*
cisco	ios	12.0\(25\)sx10	cpe:2.3:o:cisco:ios:12.0\(25\)sx10:::::::*
cisco	ios	12.0\(26\)s	cpe:2.3:o:cisco:ios:12.0\(26\)s:::::::*
cisco	ios	12.0\(26\)s1	cpe:2.3:o:cisco:ios:12.0\(26\)s1:::::::*
cisco	ios	12.0\(26\)s2	cpe:2.3:o:cisco:ios:12.0\(26\)s2:::::::*
cisco	ios	12.0\(26\)s3	cpe:2.3:o:cisco:ios:12.0\(26\)s3:::::::*
cisco	ios	12.0\(26\)s4	cpe:2.3:o:cisco:ios:12.0\(26\)s4:::::::*
cisco	ios	12.0\(26\)s5	cpe:2.3:o:cisco:ios:12.0\(26\)s5:::::::*
cisco	ios	12.0\(26\)s6	cpe:2.3:o:cisco:ios:12.0\(26\)s6:::::::*
cisco	ios	12.0\(27\)s	cpe:2.3:o:cisco:ios:12.0\(27\)s:::::::*
cisco	ios	12.0\(27\)s1	cpe:2.3:o:cisco:ios:12.0\(27\)s1:::::::*
cisco	ios	12.0\(27\)s2	cpe:2.3:o:cisco:ios:12.0\(27\)s2:::::::*
cisco	ios	12.0\(27\)s3	cpe:2.3:o:cisco:ios:12.0\(27\)s3:::::::*
cisco	ios	12.0\(27\)s4	cpe:2.3:o:cisco:ios:12.0\(27\)s4:::::::*
cisco	ios	12.0\(27\)s5	cpe:2.3:o:cisco:ios:12.0\(27\)s5:::::::*
cisco	ios	12.0\(28\)s	cpe:2.3:o:cisco:ios:12.0\(28\)s:::::::*
cisco	ios	12.0\(28\)s1	cpe:2.3:o:cisco:ios:12.0\(28\)s1:::::::*
cisco	ios	12.0\(28\)s2	cpe:2.3:o:cisco:ios:12.0\(28\)s2:::::::*
cisco	ios	12.0\(28\)s3	cpe:2.3:o:cisco:ios:12.0\(28\)s3:::::::*
cisco	ios	12.0\(28\)s4	cpe:2.3:o:cisco:ios:12.0\(28\)s4:::::::*
cisco	ios	12.0\(28\)s5	cpe:2.3:o:cisco:ios:12.0\(28\)s5:::::::*
cisco	ios	12.0\(28\)s6	cpe:2.3:o:cisco:ios:12.0\(28\)s6:::::::*
cisco	ios	12.0\(29\)s	cpe:2.3:o:cisco:ios:12.0\(29\)s:::::::*
cisco	ios	12.0\(29\)s1	cpe:2.3:o:cisco:ios:12.0\(29\)s1:::::::*
cisco	ios	12.0\(30\)s	cpe:2.3:o:cisco:ios:12.0\(30\)s:::::::*
cisco	ios	12.0\(30\)s1	cpe:2.3:o:cisco:ios:12.0\(30\)s1:::::::*
cisco	ios	12.0\(30\)s2	cpe:2.3:o:cisco:ios:12.0\(30\)s2:::::::*
cisco	ios	12.0\(30\)s3	cpe:2.3:o:cisco:ios:12.0\(30\)s3:::::::*
cisco	ios	12.0\(30\)s4	cpe:2.3:o:cisco:ios:12.0\(30\)s4:::::::*
cisco	ios	12.0\(30\)s5	cpe:2.3:o:cisco:ios:12.0\(30\)s5:::::::*
cisco	ios	12.0\(30\)sz4	cpe:2.3:o:cisco:ios:12.0\(30\)sz4:::::::*
cisco	ios	12.0\(30\)sz5	cpe:2.3:o:cisco:ios:12.0\(30\)sz5:::::::*
cisco	ios	12.0\(30\)sz6	cpe:2.3:o:cisco:ios:12.0\(30\)sz6:::::::*
cisco	ios	12.0\(30\)sz8	cpe:2.3:o:cisco:ios:12.0\(30\)sz8:::::::*
cisco	ios	12.0\(30\)sz9	cpe:2.3:o:cisco:ios:12.0\(30\)sz9:::::::*
cisco	ios	12.0\(30\)sz10	cpe:2.3:o:cisco:ios:12.0\(30\)sz10:::::::*
cisco	ios	12.0\(31\)s	cpe:2.3:o:cisco:ios:12.0\(31\)s:::::::*
cisco	ios	12.0\(31\)s1	cpe:2.3:o:cisco:ios:12.0\(31\)s1:::::::*
cisco	ios	12.0\(31\)s2	cpe:2.3:o:cisco:ios:12.0\(31\)s2:::::::*
cisco	ios	12.0\(31\)s3	cpe:2.3:o:cisco:ios:12.0\(31\)s3:::::::*
cisco	ios	12.0\(31\)s4	cpe:2.3:o:cisco:ios:12.0\(31\)s4:::::::*
cisco	ios	12.0\(31\)s5	cpe:2.3:o:cisco:ios:12.0\(31\)s5:::::::*
cisco	ios	12.0\(31\)s6	cpe:2.3:o:cisco:ios:12.0\(31\)s6:::::::*
cisco	ios	12.0\(32\)s	cpe:2.3:o:cisco:ios:12.0\(32\)s:::::::*
cisco	ios	12.0\(32\)s1	cpe:2.3:o:cisco:ios:12.0\(32\)s1:::::::*
cisco	ios	12.0\(32\)s2	cpe:2.3:o:cisco:ios:12.0\(32\)s2:::::::*
cisco	ios	12.0\(32\)s3	cpe:2.3:o:cisco:ios:12.0\(32\)s3:::::::*
cisco	ios	12.0\(32\)s4	cpe:2.3:o:cisco:ios:12.0\(32\)s4:::::::*
cisco	ios	12.0\(32\)s5	cpe:2.3:o:cisco:ios:12.0\(32\)s5:::::::*
cisco	ios	12.0\(32\)s6	cpe:2.3:o:cisco:ios:12.0\(32\)s6:::::::*
cisco	ios	12.0\(32\)s7	cpe:2.3:o:cisco:ios:12.0\(32\)s7:::::::*

References for CVE-2024-20433

URL	Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rsvp-dos-OypvgVZf	Vendor Advisory

URL

CVE-2024-20433

Exploit prediction scoring system (EPSS) score for CVE-2024-20433

Common vulnerability scoring system (CVSS) metrics for CVE-2024-20433

Weakness enumeration for CVE-2024-20433

Affected software / configurations for CVE-2024-20433

References for CVE-2024-20433