Vulnerability-Lookup

BDU:2024-02280

Vulnerability from fstec - Published: 13.03.2024

Title

Уязвимость сервера Simple Network Management Plane (SNMP) операционной системы Cisco IOS, позволяющая нарушителю обойти ограничения безопасности

Description

Уязвимость сервера Simple Network Management Plane (SNMP) операционной системы Cisco IOS связана с недостатками разграничения доступа на основе списка управления доступом (ACL). Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS XR

Software Version

до 24.1.1 (Cisco IOS XR)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF https://vuldb.com/?id.256734

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 24.1.1 (Cisco IOS XR)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.03.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02280",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20319",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS XR",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS XR \u0434\u043e 24.1.1 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Simple Network Management Plane (SNMP) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Simple Network Management Plane (SNMP) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u043f\u0438\u0441\u043a\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (ACL). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF\nhttps://vuldb.com/?id.256734",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

CVE-2024-20319 (GCVE-0-2024-20319)

Vulnerability from cvelistv5 – Published: 2024-03-13 16:47 – Updated: 2024-08-01 21:59

Summary

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XR Software	Affected: 5.2.0 Affected: 5.2.1 Affected: 5.2.2 Affected: 5.2.4 Affected: 5.2.3 Affected: 5.2.5 Affected: 5.2.47 Affected: 5.3.0 Affected: 5.3.1 Affected: 5.3.2 Affected: 5.3.3 Affected: 5.3.4 Affected: 6.0.0 Affected: 6.0.1 Affected: 6.0.2 Affected: 6.1.1 Affected: 6.1.2 Affected: 6.1.3 Affected: 6.1.4 Affected: 6.1.12 Affected: 6.1.22 Affected: 6.1.32 Affected: 6.1.36 Affected: 6.1.42 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.25 Affected: 6.2.11 Affected: 6.3.2 Affected: 6.3.3 Affected: 6.3.15 Affected: 6.4.1 Affected: 6.4.2 Affected: 6.4.3 Affected: 6.5.1 Affected: 6.5.2 Affected: 6.5.3 Affected: 6.5.25 Affected: 6.5.26 Affected: 6.5.28 Affected: 6.5.29 Affected: 6.5.32 Affected: 6.5.33 Affected: 6.6.2 Affected: 6.6.3 Affected: 6.6.25 Affected: 6.6.4 Affected: 7.0.1 Affected: 7.0.2 Affected: 7.0.12 Affected: 7.0.14 Affected: 7.1.1 Affected: 7.1.15 Affected: 7.1.2 Affected: 7.1.3 Affected: 6.7.1 Affected: 6.7.2 Affected: 6.7.3 Affected: 6.7.4 Affected: 7.2.0 Affected: 7.2.1 Affected: 7.2.2 Affected: 7.3.1 Affected: 7.3.15 Affected: 7.3.2 Affected: 7.3.3 Affected: 7.3.5 Affected: 7.3.6 Affected: 7.4.1 Affected: 7.4.2 Affected: 6.8.1 Affected: 6.8.2 Affected: 7.5.1 Affected: 7.5.3 Affected: 7.5.2 Affected: 7.5.4 Affected: 7.5.5 Affected: 7.6.1 Affected: 7.6.2 Affected: 7.7.1 Affected: 7.7.2 Affected: 7.7.21 Affected: 6.9.1 Affected: 6.9.2 Affected: 7.8.1 Affected: 7.8.2 Affected: 7.9.1 Affected: 7.9.2 Affected: 7.9.21 Affected: 7.10.1 Affected: 7.10.2 Affected: 7.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xr:5.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.2.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.2.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.2.47:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.3.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:5.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.0.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.0.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.12:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.22:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.32:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.36:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.1.42:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.2.25:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.2.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.3.15:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.4.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.25:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.26:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.28:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.29:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.32:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.5.33:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.7.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.7.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.8.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:6.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "5.2.0"
              },
              {
                "status": "affected",
                "version": "5.2.1"
              },
              {
                "status": "affected",
                "version": "5.2.2"
              },
              {
                "status": "affected",
                "version": "5.2.4"
              },
              {
                "status": "affected",
                "version": "5.2.3"
              },
              {
                "status": "affected",
                "version": "5.2.5"
              },
              {
                "status": "affected",
                "version": "5.2.47"
              },
              {
                "status": "affected",
                "version": "5.3.0"
              },
              {
                "status": "affected",
                "version": "5.3.1"
              },
              {
                "status": "affected",
                "version": "5.3.2"
              },
              {
                "status": "affected",
                "version": "5.3.3"
              },
              {
                "status": "affected",
                "version": "5.3.4"
              },
              {
                "status": "affected",
                "version": "6.0.0"
              },
              {
                "status": "affected",
                "version": "6.0.1"
              },
              {
                "status": "affected",
                "version": "6.0.2"
              },
              {
                "status": "affected",
                "version": "6.1.1"
              },
              {
                "status": "affected",
                "version": "6.1.2"
              },
              {
                "status": "affected",
                "version": "6.1.3"
              },
              {
                "status": "affected",
                "version": "6.1.4"
              },
              {
                "status": "affected",
                "version": "6.1.12"
              },
              {
                "status": "affected",
                "version": "6.1.22"
              },
              {
                "status": "affected",
                "version": "6.1.32"
              },
              {
                "status": "affected",
                "version": "6.1.36"
              },
              {
                "status": "affected",
                "version": "6.1.42"
              },
              {
                "status": "affected",
                "version": "6.2.1"
              },
              {
                "status": "affected",
                "version": "6.2.2"
              },
              {
                "status": "affected",
                "version": "6.2.3"
              },
              {
                "status": "affected",
                "version": "6.2.25"
              },
              {
                "status": "affected",
                "version": "6.2.11"
              },
              {
                "status": "affected",
                "version": "6.3.2"
              },
              {
                "status": "affected",
                "version": "6.3.3"
              },
              {
                "status": "affected",
                "version": "6.3.15"
              },
              {
                "status": "affected",
                "version": "6.4.1"
              },
              {
                "status": "affected",
                "version": "6.4.2"
              },
              {
                "status": "affected",
                "version": "6.4.3"
              },
              {
                "status": "affected",
                "version": "6.5.1"
              },
              {
                "status": "affected",
                "version": "6.5.2"
              },
              {
                "status": "affected",
                "version": "6.5.3"
              },
              {
                "status": "affected",
                "version": "6.5.25"
              },
              {
                "status": "affected",
                "version": "6.5.26"
              },
              {
                "status": "affected",
                "version": "6.5.28"
              },
              {
                "status": "affected",
                "version": "6.5.29"
              },
              {
                "status": "affected",
                "version": "6.5.32"
              },
              {
                "status": "affected",
                "version": "6.5.33"
              },
              {
                "status": "affected",
                "version": "6.6.2"
              },
              {
                "status": "affected",
                "version": "6.6.3"
              },
              {
                "status": "affected",
                "version": "6.6.25"
              },
              {
                "status": "affected",
                "version": "6.6.4"
              },
              {
                "status": "affected",
                "version": "7.0.1"
              },
              {
                "status": "affected",
                "version": "7.0.2"
              },
              {
                "status": "affected",
                "version": "7.0.12"
              },
              {
                "status": "affected",
                "version": "7.0.14"
              },
              {
                "status": "affected",
                "version": "7.1.1"
              },
              {
                "status": "affected",
                "version": "7.1.15"
              },
              {
                "status": "affected",
                "version": "7.1.2"
              },
              {
                "status": "affected",
                "version": "7.1.3"
              },
              {
                "status": "affected",
                "version": "6.7.1"
              },
              {
                "status": "affected",
                "version": "6.7.2"
              },
              {
                "status": "affected",
                "version": "6.7.3"
              },
              {
                "status": "affected",
                "version": "6.7.4"
              },
              {
                "status": "affected",
                "version": "7.2.0"
              },
              {
                "status": "affected",
                "version": "7.2.1"
              },
              {
                "status": "affected",
                "version": "7.2.2"
              },
              {
                "status": "affected",
                "version": "7.3.1"
              },
              {
                "status": "affected",
                "version": "7.3.15"
              },
              {
                "status": "affected",
                "version": "7.3.2"
              },
              {
                "status": "affected",
                "version": "7.3.3"
              },
              {
                "status": "affected",
                "version": "7.3.5"
              },
              {
                "status": "affected",
                "version": "7.3.6"
              },
              {
                "status": "affected",
                "version": "7.4.1"
              },
              {
                "status": "affected",
                "version": "7.4.2"
              },
              {
                "status": "affected",
                "version": "6.8.1"
              },
              {
                "status": "affected",
                "version": "6.8.2"
              },
              {
                "status": "affected",
                "version": "7.5.1"
              },
              {
                "status": "affected",
                "version": "7.5.3"
              },
              {
                "status": "affected",
                "version": "7.5.2"
              },
              {
                "status": "affected",
                "version": "7.5.4"
              },
              {
                "status": "affected",
                "version": "7.5.5"
              },
              {
                "status": "affected",
                "version": "7.6.1"
              },
              {
                "status": "affected",
                "version": "7.6.2"
              },
              {
                "status": "affected",
                "version": "7.7.1"
              },
              {
                "status": "affected",
                "version": "7.7.2"
              },
              {
                "status": "affected",
                "version": "7.7.21"
              },
              {
                "status": "affected",
                "version": "6.9.1"
              },
              {
                "status": "affected",
                "version": "6.9.2"
              },
              {
                "status": "affected",
                "version": "7.8.1"
              },
              {
                "status": "affected",
                "version": "7.8.2"
              },
              {
                "status": "affected",
                "version": "7.9.1"
              },
              {
                "status": "affected",
                "version": "7.9.2"
              },
              {
                "status": "affected",
                "version": "7.9.21"
              },
              {
                "status": "affected",
                "version": "7.10.1"
              },
              {
                "status": "affected",
                "version": "7.10.2"
              },
              {
                "status": "affected",
                "version": "7.11.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20319",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-13T18:12:01.807199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:26:46.466Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.556Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-snmp-uhv6ZDeF",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.0"
            },
            {
              "status": "affected",
              "version": "5.2.1"
            },
            {
              "status": "affected",
              "version": "5.2.2"
            },
            {
              "status": "affected",
              "version": "5.2.4"
            },
            {
              "status": "affected",
              "version": "5.2.3"
            },
            {
              "status": "affected",
              "version": "5.2.5"
            },
            {
              "status": "affected",
              "version": "5.2.47"
            },
            {
              "status": "affected",
              "version": "5.3.0"
            },
            {
              "status": "affected",
              "version": "5.3.1"
            },
            {
              "status": "affected",
              "version": "5.3.2"
            },
            {
              "status": "affected",
              "version": "5.3.3"
            },
            {
              "status": "affected",
              "version": "5.3.4"
            },
            {
              "status": "affected",
              "version": "6.0.0"
            },
            {
              "status": "affected",
              "version": "6.0.1"
            },
            {
              "status": "affected",
              "version": "6.0.2"
            },
            {
              "status": "affected",
              "version": "6.1.1"
            },
            {
              "status": "affected",
              "version": "6.1.2"
            },
            {
              "status": "affected",
              "version": "6.1.3"
            },
            {
              "status": "affected",
              "version": "6.1.4"
            },
            {
              "status": "affected",
              "version": "6.1.12"
            },
            {
              "status": "affected",
              "version": "6.1.22"
            },
            {
              "status": "affected",
              "version": "6.1.32"
            },
            {
              "status": "affected",
              "version": "6.1.36"
            },
            {
              "status": "affected",
              "version": "6.1.42"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.2"
            },
            {
              "status": "affected",
              "version": "6.2.3"
            },
            {
              "status": "affected",
              "version": "6.2.25"
            },
            {
              "status": "affected",
              "version": "6.2.11"
            },
            {
              "status": "affected",
              "version": "6.3.2"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "6.3.15"
            },
            {
              "status": "affected",
              "version": "6.4.1"
            },
            {
              "status": "affected",
              "version": "6.4.2"
            },
            {
              "status": "affected",
              "version": "6.4.3"
            },
            {
              "status": "affected",
              "version": "6.5.1"
            },
            {
              "status": "affected",
              "version": "6.5.2"
            },
            {
              "status": "affected",
              "version": "6.5.3"
            },
            {
              "status": "affected",
              "version": "6.5.25"
            },
            {
              "status": "affected",
              "version": "6.5.26"
            },
            {
              "status": "affected",
              "version": "6.5.28"
            },
            {
              "status": "affected",
              "version": "6.5.29"
            },
            {
              "status": "affected",
              "version": "6.5.32"
            },
            {
              "status": "affected",
              "version": "6.5.33"
            },
            {
              "status": "affected",
              "version": "6.6.2"
            },
            {
              "status": "affected",
              "version": "6.6.3"
            },
            {
              "status": "affected",
              "version": "6.6.25"
            },
            {
              "status": "affected",
              "version": "6.6.4"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "7.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.1.15"
            },
            {
              "status": "affected",
              "version": "7.1.2"
            },
            {
              "status": "affected",
              "version": "7.1.3"
            },
            {
              "status": "affected",
              "version": "6.7.1"
            },
            {
              "status": "affected",
              "version": "6.7.2"
            },
            {
              "status": "affected",
              "version": "6.7.3"
            },
            {
              "status": "affected",
              "version": "6.7.4"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.3.15"
            },
            {
              "status": "affected",
              "version": "7.3.2"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            },
            {
              "status": "affected",
              "version": "7.3.6"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "6.8.2"
            },
            {
              "status": "affected",
              "version": "7.5.1"
            },
            {
              "status": "affected",
              "version": "7.5.3"
            },
            {
              "status": "affected",
              "version": "7.5.2"
            },
            {
              "status": "affected",
              "version": "7.5.4"
            },
            {
              "status": "affected",
              "version": "7.5.5"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.7.1"
            },
            {
              "status": "affected",
              "version": "7.7.2"
            },
            {
              "status": "affected",
              "version": "7.7.21"
            },
            {
              "status": "affected",
              "version": "6.9.1"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "7.8.1"
            },
            {
              "status": "affected",
              "version": "7.8.2"
            },
            {
              "status": "affected",
              "version": "7.9.1"
            },
            {
              "status": "affected",
              "version": "7.9.2"
            },
            {
              "status": "affected",
              "version": "7.9.21"
            },
            {
              "status": "affected",
              "version": "7.10.1"
            },
            {
              "status": "affected",
              "version": "7.10.2"
            },
            {
              "status": "affected",
              "version": "7.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device.\r\n\r This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T16:47:09.543Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-snmp-uhv6ZDeF",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF"
        }
      ],
      "source": {
        "advisory": "cisco-sa-snmp-uhv6ZDeF",
        "defects": [
          "CSCwh31469"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20319",
    "datePublished": "2024-03-13T16:47:09.543Z",
    "dateReserved": "2023-11-08T15:08:07.632Z",
    "dateUpdated": "2024-08-01T21:59:41.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-02280

CVE-2024-20319 (GCVE-0-2024-20319)

Tags

Sightings

Nomenclature