CVE-2024-2169 - Vulnerability Details - OpenCVE

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01173.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/09/04/1
https://kb.cert.org/vuls/id/417980
https://nvd.nist.gov/vuln/detail/CVE-2024-2169
https://www.cve.org/CVERecord?id=CVE-2024-2169
https://www.kb.cert.org/vuls/id/417980

History

Wed, 04 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:::::::* cpe:2.3:a:microsoft:wds:::::::: cpe:2.3:a:mikrotik:routeros_tftp::::::::
Vendors & Products	Dproxy-nexgen Project Dproxy-nexgen Project dproxy-nexgen Microsoft Microsoft wds Mikrotik Mikrotik routeros Tftp
References		http://www.openwall.com/lists/oss-security/2024/09/04/1
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2024-03-19T19:50:10.700Z

Updated: 2024-09-04T12:04:51.230Z

Reserved: 2024-03-04T16:29:42.695Z

Link: CVE-2024-2169

Vulnrichment

Updated: 2024-09-04T12:04:51.230Z

NVD

Status : Awaiting Analysis

Published: 2024-03-19T20:15:07.320

Modified: 2024-11-21T09:09:10.397

Link: CVE-2024-2169

Redhat

Severity : Moderate

Publid Date: 2024-03-20T00:00:00Z

Links: CVE-2024-2169 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2169", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2024-03-04T16:29:42.695Z", "datePublished": "2024-03-19T19:50:10.700Z", "dateUpdated": "2024-09-04T12:04:51.230Z"}, "containers": {"cna": {"title": "Implementations of UDP application protocols are susceptible to network loops and denial of service", "descriptions": [{"lang": "en", "value": "Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources."}], "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to the reporters Yepeng Pan and Christian Rossow from the CISPA Helmholtz Center for Information Security, Germany."}], "affected": [{"vendor": "MikroTik", "product": "RouterOS-TFTP", "versions": [{"status": "affected", "version": "*", "lessThanOrEqual": "7.13.2", "versionType": "custom"}]}, {"vendor": "Microsoft", "product": "WDS", "versions": [{"status": "affected", "version": "*"}]}, {"vendor": "dproxy-nexgen", "product": "dproxy-nexgen", "versions": [{"status": "affected", "version": "0.1", "lessThanOrEqual": "0.5", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/417980"}, {"url": "https://www.kb.cert.org/vuls/id/417980"}], "x_generator": {"engine": "VINCE 2.1.12", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2169"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-03-19T19:59:53.925Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.cert.org/vuls/id/417980", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/417980", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/04/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-04T12:04:51.230Z"}}, {"affected": [{"vendor": "mikrotik", "product": "routeros_tftp", "cpes": ["cpe:2.3:a:mikrotik:routeros_tftp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.13.2", "versionType": "custom"}]}, {"vendor": "microsoft", "product": "wds", "cpes": ["cpe:2.3:a:microsoft:wds:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "dproxy-nexgen_project", "product": "dproxy-nexgen", "cpes": ["cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.1", "status": "affected", "lessThanOrEqual": "0.5", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T16:48:38.161456Z", "id": "CVE-2024-2169", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T16:53:26.755Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.cert.org/vuls/id/417980", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/417980", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/09/04/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-04T12:04:51.230Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-2169", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-02T16:48:38.161456Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mikrotik:routeros_tftp:*:*:*:*:*:*:*:*"], "vendor": "mikrotik", "product": "routeros_tftp", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.13.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:microsoft:wds:*:*:*:*:*:*:*:*"], "vendor": "microsoft", "product": "wds", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*"], "vendor": "dproxy-nexgen_project", "product": "dproxy-nexgen", "versions": [{"status": "affected", "version": "0.1", "versionType": "custom", "lessThanOrEqual": "0.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T16:51:21.436Z"}}], "cna": {"title": "Implementations of UDP application protocols are susceptible to network loops and denial of service", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to the reporters Yepeng Pan and Christian Rossow from the CISPA Helmholtz Center for Information Security, Germany."}], "affected": [{"vendor": "MikroTik", "product": "RouterOS-TFTP", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "7.13.2"}]}, {"vendor": "Microsoft", "product": "WDS", "versions": [{"status": "affected", "version": "*"}]}, {"vendor": "dproxy-nexgen", "product": "dproxy-nexgen", "versions": [{"status": "affected", "version": "0.1", "versionType": "custom", "lessThanOrEqual": "0.5"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/417980"}, {"url": "https://www.kb.cert.org/vuls/id/417980"}], "x_generator": {"env": "prod", "engine": "VINCE 2.1.12", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2169"}, "descriptions": [{"lang": "en", "value": "Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-03-19T19:59:53.925Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2169", "state": "PUBLISHED", "dateUpdated": "2024-09-04T12:04:51.230Z", "dateReserved": "2024-03-04T16:29:42.695Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2024-03-19T19:50:10.700Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "udp: Implementations of UDP protocol are vulnerable to network loops", "id": "2272753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272753"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.", "A vulnerability was found in certain UPD protocol implementations. This issue may allow an unauthenticated attacker to send maliciously crafted packages leading to a denial of service on the targeted system. An attacker needs to perform the attack on a vulnerable server in order to meet the conditions to create the necessary traffic-loop for a successful attack."], "name": "CVE-2024-2169", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "net-snmp", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "net-snmp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "rsyslog7", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "net-snmp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "bind9.16", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "net-snmp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "net-snmp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "tftp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2169\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2169"], "statement": "Red Hat is aware of the existence of CVE-2024-2169 and has investigated the impact in several packages distributed across Red Hat Enterprise Linux versions.\nThe versions of the NTP package shipped with Red Hat Enterprise Linux 6 and 7 are not vulnerable to this attack, as this issue was dependent on CVE-2009-3563 present in ntp up to 4.2.4p8 and 4.2.5, which are older than the versions shipped with the mentioned products.\nPackage implementations of DNS (such as dnsmasq and bind), tftp, and dhcp packages as distributed with Red Hat Enterprise Linux are not affected by this vulnerability as all of it uses a random source port for response, making it impossible to perform a traffic-loop attack.", "threat_severity": "Moderate"}