CVE-2024-20304

CWE-401 Memory Leak | 4 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 0.6% (top 31.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 11

Description

A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device. This vulnerability exists because the Mtrace2 code does not properly handle packet memory. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to exhaust the incoming UDP packet memory. The affected device wou

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_ios_xr_software | 18 versions +17
NVD | cisco/ios_xr | 18 versions +17

🔴 Vulnerability Details (2)

CVEList | Cisco IOS XR Software Packet Memory Exhaustion Vulnerability | 2024-09-11
GHSA | GHSA-3252-jgxw-qhmv: A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to ex | 2024-09-11

📋 Vendor Advisories (1)

Cisco | Cisco IOS XR Software UDP Packet Memory Exhaustion Vulnerability | 2024-09-11