Vulnslist


Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability

cisco-sa-snmp-uhv6ZDeF · Medium · Published · Updated

A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Protocol (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when SNMP is used together with management plane protection. An attacker could exploit this vulnerability by attempting an SNMP operation with a broadcast destination address that an affected device configured with an SNMP server could process. A successful exploit could allow the attacker to communicate with the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF

This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.

Workarounds

There is a workaround that addresses this vulnerability.

Disable UDP forwarding

UDP forwarding is enabled by default for DNS, TFTP, TACACS, IEN 116 Name Service, NetBIOS Name Service (NBNS), and NetBIOS Datagram Service (NBDS) protocols. UDP forwarding is not enabled by default for other UDP protocols.

If UDP forwarding is not required, a workaround is to disable UDP forwarding globally by using the forward-protocol udp disable command as shown in the following example:

RP/0/RSP0/CPU0:ios#configure terminal
RP/0/RSP0/CPU0:ios(config)#forward-protocol udp disable
RP/0/RSP0/CPU0:ios(config)#commit

Note: If UDP broadcast forwarding is required for any default protocol or if UDP broadcast forwarding has been configured with the forward-protocol udp command, this workaround cannot be used.

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
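The advisory ties the exposure to three configuration facts: an SNMP server is configured, management plane protection restricts SNMP, and UDP forwarding is not globally disabled (and cannot be if explicit forward-protocol udp entries exist). The following audit script is an added example, not part of the Vulnslist page or of Cisco's advisory. It assumes the device configuration is available as plain text (for example a saved show running-config) and keys only on the command forms the advisory cites (forward-protocol udp disable, the forward-protocol udp prefix, snmp-server) plus the IOS XR management-plane allow SNMP line; the sample configurations are constructed, and the tftp argument in the third sample is a placeholder used only to exercise the prefix match.

```python
"""Audit IOS XR configuration text for the cisco-sa-snmp-uhv6ZDeF workaround state.

Added example; not the page's or Cisco's code. Assumes plain-text config input.
"""

# Constructed sample configurations (not captured from real devices).
CONFIG_EXPOSED = """\
hostname ios
snmp-server community example-ro RO
control-plane
 management-plane
  inband
   interface GigabitEthernet0/0/0/0
    allow SNMP
   !
  !
 !
!
"""

# Same device after the advisory's workaround has been committed.
CONFIG_MITIGATED = CONFIG_EXPOSED + "forward-protocol udp disable\n"

# Device where UDP broadcast forwarding is explicitly configured; per the
# advisory the global 'disable' workaround cannot be used here.
# 'tftp' is a placeholder argument, assumed for illustration only.
CONFIG_BLOCKED = CONFIG_EXPOSED + "forward-protocol udp tftp\n"


def audit_config(config_text: str) -> dict:
    """Return the workaround-relevant facts and a one-word verdict."""
    lines = [ln.strip() for ln in config_text.splitlines()]

    snmp_configured = any(ln.startswith("snmp-server") for ln in lines)
    udp_forwarding_disabled = "forward-protocol udp disable" in lines
    # Any other 'forward-protocol udp ...' line means forwarding is wanted,
    # so the advisory's global-disable workaround is not applicable.
    explicit_forwarding = [
        ln for ln in lines
        if ln.startswith("forward-protocol udp") and ln != "forward-protocol udp disable"
    ]
    # Management plane protection restricting SNMP is what the bypass defeats.
    mpp_restricts_snmp = any(ln.upper() == "ALLOW SNMP" for ln in lines)

    if not snmp_configured:
        verdict = "not_applicable"          # nothing for the bypass to reach
    elif udp_forwarding_disabled:
        verdict = "mitigated"               # workaround in place
    elif explicit_forwarding:
        verdict = "workaround_blocked"      # fix via software update instead
    else:
        verdict = "exposed"                 # SNMP present, forwarding still on

    return {
        "snmp_configured": snmp_configured,
        "mpp_restricts_snmp": mpp_restricts_snmp,
        "udp_forwarding_disabled": udp_forwarding_disabled,
        "explicit_forwarding": explicit_forwarding,
        "verdict": verdict,
    }


def summarize(config_text: str) -> str:
    """Human-readable one-liner for a change ticket or compliance report."""
    r = audit_config(config_text)
    detail = (f"snmp={r['snmp_configured']} mpp_snmp={r['mpp_restricts_snmp']} "
              f"udp_disabled={r['udp_forwarding_disabled']} "
              f"explicit={len(r['explicit_forwarding'])}")
    return f"{r['verdict']}: {detail}"


if __name__ == "__main__":
    for name, cfg in (("exposed", CONFIG_EXPOSED),
                      ("mitigated", CONFIG_MITIGATED),
                      ("blocked", CONFIG_BLOCKED)):
        print(name, "->", summarize(cfg))
```

A "workaround_blocked" result is the case the advisory's note describes: the device relies on UDP broadcast forwarding, so the remediation path is the fixed software release rather than forward-protocol udp disable.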

CVEs: CVE-2024-20319
Cisco Bug IDs: CSCwh31469
CVSS Score: Base 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco IOS XR Software

CSAF Product Statuses

Product               | Status         | Source     | CVE            | Rows
Cisco IOS XR Software | known_affected | cisco_csaf | CVE-2024-20319 | 1

Related Products

Product               | CVE            | Evidence
Cisco IOS XR Software | CVE-2024-20319 | Cisco OpenVuln
Cisco IOS             | CVE-2024-20319 | Cisco OpenVuln
Cisco IOS Software    | CVE-2024-20319 | Cisco OpenVuln