CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
According to its self-reported version, Cisco IOS XR is affected by a vulnerability.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 7d6fdb6bf6cb1b55e466a45f3e8acac7de843cfa8479b45b40548108b04c3f515b5c695b679e150c9b0b0e6e187a4a973369029e9254c7ce2323d2c02d470a5604117be21f154ea59c8030908b911a86337035fc6f06bcd975bb45359f4e0787dfb504a62b89177a3fff27281893d89d09e9b59b96bff87ba6046941f0d2a4f76f894f4e0496352d160c60321e3e06d92c1f0f61da91a509dd7d8cd331a876e6b1511d72b466c2d426b5989ce2828cd7daef328f01a14bdc81e147743e831eab7d35a5f84451bbe43e916229e8d570542f4c4c69a99479e651d802703ed9bf483da7839eb11562c03906b262cc8203d4e172485b560d8938a2eac671db1c8c6945c2754a8f0f66ec4f584b0863e2bcb782bd2a9f7b370b58125662785e81c885a66eced980c119fbc47ada50a33b38d7e912c88d8e0c7c2c2ba829b9c02c78a98e4e81b8c67dd64920312f59bd00c6fbc60969fdbfb9740470dd8d2fc2389d0951a18cec356f0d96208f066360d86151f235cd6c4d85c8bf716f837a3450af83ed9b3d32a15449bb0038699e8b68b3b232c01a2c1dad678a7d217699b37f44d25b6c52f2de4e7a16048f18f47e04f21a0204a958bedcdd36f1e322812ad22b97c4e6ddf45b2e5abae48eac3d6c029139fa09fdbc2542c8ea62b3ace9881199afbefc56e9181040b91518a93fd10e5d1f389158d9ce26788ccf7911b1f9ddd395
#TRUST-RSA-SHA256 a6354a513084e4932d0393e70e1233f633863aafd045ed13faed413e5ce0202511ec4921882acd2dc13fe9eff36f38b2e4ce062e05801428be1f961f7428ce1a28aa2a450c53520291bcd953aa5541efaec4d88725ee4b1df2a6b5dbd894b4f40f468d5eb7f7ca915928bf5cf66bd73454114a47a55baaa8d51ab2c48273767825400c28eb4d45cddd6de0c21257dd25b7b7117821abc10237668d0dc21131641f64b74fe698935266b65027171a0be0a64f6b1f691137e37bfa98530c67783228ad05e457d618b0f6b30f6b95e5828a00be5818ebfffcaab3024f523d2839178031f9fbe4774911213401143ea3b53dcb78f964a07bc4a42e0218f308d139eadf7185cc88ee82d63d3312a8e745c2cf65aac7e8e6308bc7558db4b5dce744c82ca524b4ac82580409d602aeb7376182256a5e1a9fd82980b34340c89186f1c3f1b5ada60bde460de60013d5817263501b440b7f4dc42748d6efb0aa9158b69f998fa029529e98c1043af73002aa7e55f1ea332d9f18821b9cbb10e7fad3dbe894b9820701206b7818b7ae7a42f4e63b2b4b9f52572534fabe5773530effe57f717324f06b35bd7dce09d5d57d3cd020ef61d7efa4459d44b9bd81400cb74a673cb3fc027c31d69f3652fdf128c33436a2cdbe69a0c049f53df9fcd5edf039dc9a1c535d2f36f3201ccfbde63433bf86a5e6bf4c65ff3da86ef9ddd7e37d0b7d
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(207233);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/13");
script_cve_id("CVE-2024-20304");
script_xref(name:"IAVA", value:"2024-A-0573");
script_xref(name:"CISCO-BUG-ID", value:"CSCwk63828");
script_xref(name:"CISCO-SA", value:"cisco-sa-pak-mem-exhst-3ke9FeFy");
script_name(english:"Cisco IOS XR Software UDP Packet Memory Exhaustion (cisco-sa-pak-mem-exhst-3ke9FeFy)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XR is affected by a vulnerability.
- A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could
allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This
vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could
exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could
allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to
process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.
Note: This vulnerability can be exploited using IPv4 or IPv6. (CVE-2024-20304)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?328e8a07");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75416
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a636b5a5");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63828");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwk63828");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20304");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(401);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/09/11");
script_set_attribute(attribute:"patch_publication_date", value:"2024/09/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/13");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xr_version.nasl");
script_require_keys("Host/Cisco/IOS-XR/Version", "Settings/ParanoidReport");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var product_info = cisco::get_product_info(name:'Cisco IOS XR');
var model = toupper(product_info.model);
var smus;
if ('IOSXRWBD' >< model)
{
smus['7.7.2'] = 'CSCwm05729';
}
if ('IOSXRWBDNCS5500' >< model)
{
smus['7.11.2'] = 'CSCwm05729ncs5500-7.11.2.CSCwm05729';
}
if ('8000 Series' >< model)
{
smus['24.1.2'] = 'CSCwm05729';
}
var vuln_ranges = [
{ 'min_ver' : '7.7', 'fix_ver' : '7.11.21', 'fixed_display' : 'See vendor advisory'},
{ 'min_ver' : '24.1', 'fix_ver' : '24.2.2', 'fixed_display' : 'See vendor advisory' }
];
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCwk63828'
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges,
smus:smus
);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High