Lucene search

CiscoCVE-2024-20304

HistorySep 11, 2024 - 5:15 p.m.

CVE-2024-20304

2024-09-1117:15:11

CWE-401

cisco

web.nvd.nist.gov

cisco

ios xr software

udp packet memory

mtrace2

remote attackers

dos

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.6%

JSON

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.

This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.
Note: This vulnerability can be exploited using IPv4 or IPv6.

Affected configurations

Vulners

Node

ciscoios_xr_softwareMatch7.8.1

ciscoios_xr_softwareMatch7.8.12

ciscoios_xr_softwareMatch7.7.1

ciscoios_xr_softwareMatch7.7.2

ciscoios_xr_softwareMatch7.9.1

ciscoios_xr_softwareMatch7.10.1

ciscoios_xr_softwareMatch7.8.2

ciscoios_xr_softwareMatch7.8.22

ciscoios_xr_softwareMatch7.7.21

ciscoios_xr_softwareMatch7.9.2

ciscoios_xr_softwareMatch7.11.1

ciscoios_xr_softwareMatch7.9.21

ciscoios_xr_softwareMatch7.10.2

ciscoios_xr_softwareMatch24.1.1

ciscoios_xr_softwareMatch7.11.2

ciscoios_xr_softwareMatch24.2.1

ciscoios_xr_softwareMatch24.1.2

ciscoios_xr_softwareMatch24.2.11

VendorProductVersionCPE
ciscoios_xr_software7.8.1cpe:2.3:o:cisco:ios_xr_software:7.8.1:*:*:*:*:*:*:*
ciscoios_xr_software7.8.12cpe:2.3:o:cisco:ios_xr_software:7.8.12:*:*:*:*:*:*:*
ciscoios_xr_software7.7.1cpe:2.3:o:cisco:ios_xr_software:7.7.1:*:*:*:*:*:*:*
ciscoios_xr_software7.7.2cpe:2.3:o:cisco:ios_xr_software:7.7.2:*:*:*:*:*:*:*
ciscoios_xr_software7.9.1cpe:2.3:o:cisco:ios_xr_software:7.9.1:*:*:*:*:*:*:*
ciscoios_xr_software7.10.1cpe:2.3:o:cisco:ios_xr_software:7.10.1:*:*:*:*:*:*:*
ciscoios_xr_software7.8.2cpe:2.3:o:cisco:ios_xr_software:7.8.2:*:*:*:*:*:*:*
ciscoios_xr_software7.8.22cpe:2.3:o:cisco:ios_xr_software:7.8.22:*:*:*:*:*:*:*
ciscoios_xr_software7.7.21cpe:2.3:o:cisco:ios_xr_software:7.7.21:*:*:*:*:*:*:*
ciscoios_xr_software7.9.2cpe:2.3:o:cisco:ios_xr_software:7.9.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xr_software	7.8.1	cpe:2.3:o:cisco:ios_xr_software:7.8.1:::::::*
cisco	ios_xr_software	7.8.12	cpe:2.3:o:cisco:ios_xr_software:7.8.12:::::::*
cisco	ios_xr_software	7.7.1	cpe:2.3:o:cisco:ios_xr_software:7.7.1:::::::*
cisco	ios_xr_software	7.7.2	cpe:2.3:o:cisco:ios_xr_software:7.7.2:::::::*
cisco	ios_xr_software	7.9.1	cpe:2.3:o:cisco:ios_xr_software:7.9.1:::::::*
cisco	ios_xr_software	7.10.1	cpe:2.3:o:cisco:ios_xr_software:7.10.1:::::::*
cisco	ios_xr_software	7.8.2	cpe:2.3:o:cisco:ios_xr_software:7.8.2:::::::*
cisco	ios_xr_software	7.8.22	cpe:2.3:o:cisco:ios_xr_software:7.8.22:::::::*
cisco	ios_xr_software	7.7.21	cpe:2.3:o:cisco:ios_xr_software:7.7.21:::::::*
cisco	ios_xr_software	7.9.2	cpe:2.3:o:cisco:ios_xr_software:7.9.2:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IOS XR Software",
    "versions": [
      {
        "version": "7.8.1",
        "status": "affected"
      },
      {
        "version": "7.8.12",
        "status": "affected"
      },
      {
        "version": "7.7.1",
        "status": "affected"
      },
      {
        "version": "7.7.2",
        "status": "affected"
      },
      {
        "version": "7.9.1",
        "status": "affected"
      },
      {
        "version": "7.10.1",
        "status": "affected"
      },
      {
        "version": "7.8.2",
        "status": "affected"
      },
      {
        "version": "7.8.22",
        "status": "affected"
      },
      {
        "version": "7.7.21",
        "status": "affected"
      },
      {
        "version": "7.9.2",
        "status": "affected"
      },
      {
        "version": "7.11.1",
        "status": "affected"
      },
      {
        "version": "7.9.21",
        "status": "affected"
      },
      {
        "version": "7.10.2",
        "status": "affected"
      },
      {
        "version": "24.1.1",
        "status": "affected"
      },
      {
        "version": "7.11.2",
        "status": "affected"
      },
      {
        "version": "24.2.1",
        "status": "affected"
      },
      {
        "version": "24.1.2",
        "status": "affected"
      },
      {
        "version": "24.2.11",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-20304