CVE-2024-20304

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Sep 11, 2024
Updated: Sep 12, 2024
CWE ID 401

Summary

CVE-2024-20304 is a vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software that could allow an unauthenticated attacker to exhaust the UDP packet memory of an affected device. The issue arises because the Mtrace2 code handles packet memory improperly, so it can be exploited by sending crafted packets to the device. A successful attack can lead to a denial of service (DoS) condition in which the device cannot process incoming traffic for UDP-based protocols. Products affected include various models in the Cisco IOS XR Software line, and remediation involves applying patches or updates provided by Cisco. The vulnerability is rated high severity with a score of 8.6, indicating significant potential impact on availability without requiring user interaction or elevated privileges for exploitation.
