Lucene search

CiscoVULNRICHMENT:CVE-2024-20304

HistorySep 11, 2024 - 4:39 p.m.

CVE-2024-20304 Cisco IOS XR Software Packet Memory Exhaustion Vulnerability

2024-09-1116:39:54

cisco

github.com

cisco ios xr

mtrace2

udp

packet memory

exhaustion

vulnerability

remote attacker

dos

ipv4

ipv6

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.

This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.
Note: This vulnerability can be exploited using IPv4 or IPv6.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
    ],
    "vendor": "cisco",
    "product": "ios_xr",
    "versions": [
      {
        "status": "affected",
        "version": "7.8.1"
      },
      {
        "status": "affected",
        "version": "7.8.12"
      },
      {
        "status": "affected",
        "version": "7.7.1"
      },
      {
        "status": "affected",
        "version": "7.7.2"
      },
      {
        "status": "affected",
        "version": "7.9.1"
      },
      {
        "status": "affected",
        "version": "7.10.1"
      },
      {
        "status": "affected",
        "version": "7.8.2"
      },
      {
        "status": "affected",
        "version": "7.8.22"
      },
      {
        "status": "affected",
        "version": "7.7.21"
      },
      {
        "status": "affected",
        "version": "7.9.2"
      },
      {
        "status": "affected",
        "version": "7.11.1"
      },
      {
        "status": "affected",
        "version": "7.9.21"
      },
      {
        "status": "affected",
        "version": "7.10.2"
      },
      {
        "status": "affected",
        "version": "24.1.1"
      },
      {
        "status": "affected",
        "version": "7.11.2"
      },
      {
        "status": "affected",
        "version": "24.2.1"
      },
      {
        "status": "affected",
        "version": "24.1.2"
      },
      {
        "status": "affected",
        "version": "24.2.11"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-20304