Cisco IOS XR Software UDP Packet Memory Exhaustion (cisco-sa-pak-mem-exhst-3ke9FeFy)

high Nessus Plugin ID 207233

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS XR is affected by a vulnerability.

- A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device would not be able to process higher-level UDP-based protocols packets, possibly causing a denial of service (DoS) condition.
Note: This vulnerability can be exploited using IPv4 or IPv6. (CVE-2024-20304)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwk63828

See Also

http://www.nessus.org/u?328e8a07

http://www.nessus.org/u?a636b5a5

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk63828

Plugin Details

Severity: High

ID: 207233

File Name: cisco-sa-pak-mem-exhst-3ke9FeFy-iosxr.nasl

Version: 1.3

Type: combined

Family: CISCO

Published: 9/13/2024

Updated: 10/4/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2024-20304

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xr

Required KB Items: Settings/ParanoidReport, Host/Cisco/IOS-XR/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2024

Vulnerability Publication Date: 9/11/2024

Reference Information

CVE: CVE-2024-20304

CWE: 401

CISCO-SA: cisco-sa-pak-mem-exhst-3ke9FeFy

IAVA: 2024-A-0573

CISCO-BUG-ID: CSCwk63828