nessus
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
CISCO-SA-PAK-MEM-EXHST-3KE9FEFY-IOSXR.NASL
Sep 13, 2024 - 12:00 a.m.

Cisco IOS XR Software UDP Packet Memory Exhaustion (cisco-sa-pak-mem-exhst-3ke9FeFy)

2024-09-13 00:00:00
www.tenable.com
cisco ios xr
mtrace2
udp packet memory
vulnerability
denial of service
ipv4
ipv6

CVSS3: 8.6
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score: 7.5
Confidence: High

According to its self-reported version, Cisco IOS XR is affected by a vulnerability.

  • A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process packets for higher-level UDP-based protocols, possibly causing a denial of service (DoS) condition.
    Note: This vulnerability can be exploited using IPv4 or IPv6. (CVE-2024-20304)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(207233);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/13");

  script_cve_id("CVE-2024-20304");
  script_xref(name:"IAVA", value:"2024-A-0573");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwk63828");
  script_xref(name:"CISCO-SA", value:"cisco-sa-pak-mem-exhst-3ke9FeFy");

  script_name(english:"Cisco IOS XR Software UDP Packet Memory Exhaustion (cisco-sa-pak-mem-exhst-3ke9FeFy)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XR is affected by a vulnerability.

  - A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could
    allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This
    vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could
    exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could
    allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to
    process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.
    Note: This vulnerability can be exploited using IPv4 or IPv6. (CVE-2024-20304)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?328e8a07");
  # https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a636b5a5");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63828");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwk63828");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20304");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(401);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/09/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/13");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version", "Settings/ParanoidReport");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

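# The check relies on the self-reported version only (see "potential_vulnerability"
# above), so it runs only when report paranoia is set to paranoid.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var product_info = cisco::get_product_info(name:'Cisco IOS XR');

# The model string is upper-cased here, so every substring test below
# must use an upper-case literal.
var model = toupper(product_info.model);
var smus;

# SMUs keyed by release, selected by model.
if ('IOSXRWBD' >< model)
{
    smus['7.7.2'] = 'CSCwm05729';
}

if ('IOSXRWBDNCS5500' >< model)
{
    smus['7.11.2'] = 'CSCwm05729ncs5500-7.11.2.CSCwm05729';
}

# Upper-case literal: the original mixed-case '8000 Series' could never
# match the upper-cased model string.
if ('8000 SERIES' >< model)
{
    smus['24.1.2'] = 'CSCwm05729';
}

# Affected release ranges: min_ver up to, but not including, fix_ver.
var vuln_ranges = [
  { 'min_ver' : '7.7', 'fix_ver' : '7.11.21', 'fixed_display' : 'See vendor advisory'},
  { 'min_ver' : '24.1', 'fix_ver' : '24.2.2', 'fixed_display' : 'See vendor advisory' }
];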


var reporting = make_array(
  'port'    , product_info['port'],
  'severity', SECURITY_HOLE,
  'version' , product_info['version'],
  'bug_id'  , 'CSCwk63828'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  smus:smus
);
