Search criteria
1 vulnerability by dproxy-nexgen
CVE-2024-2169 (GCVE-0-2024-2169)
Vulnerability from cvelistv5 – Published: 2024-03-19 19:50 – Updated: 2024-09-04 12:04
VLAI
Title
Implementations of UDP application protocols are susceptible to network loops and denial of service
Summary
Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| MikroTik | RouterOS-TFTP |
Affected:
* , ≤ 7.13.2
(custom)
|
|
| Microsoft | WDS |
Affected:
*
|
|
| dproxy-nexgen | dproxy-nexgen |
Affected:
0.1 , ≤ 0.5
(custom)
|
|
| mikrotik | routeros_tftp |
Affected:
0 , ≤ 7.13.2
(custom)
cpe:2.3:a:mikrotik:routeros_tftp:*:*:*:*:*:*:*:* |
|
| microsoft | wds |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:microsoft:wds:*:*:*:*:*:*:*:* |
|
| dproxy-nexgen_project | dproxy-nexgen |
Affected:
0.1 , ≤ 0.5
(custom)
cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-04T12:04:51.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/417980"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/417980"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/04/1"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mikrotik:routeros_tftp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "routeros_tftp",
"vendor": "mikrotik",
"versions": [
{
"lessThanOrEqual": "7.13.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:wds:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wds",
"vendor": "microsoft",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dproxy-nexgen",
"vendor": "dproxy-nexgen_project",
"versions": [
{
"lessThanOrEqual": "0.5",
"status": "affected",
"version": "0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:48:38.161456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:53:26.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RouterOS-TFTP",
"vendor": "MikroTik",
"versions": [
{
"lessThanOrEqual": "7.13.2",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"product": "WDS",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"product": "dproxy-nexgen",
"vendor": "dproxy-nexgen",
"versions": [
{
"lessThanOrEqual": "0.5",
"status": "affected",
"version": "0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to the reporters Yepeng Pan and Christian Rossow from the CISPA Helmholtz Center for Information Security, Germany."
}
],
"descriptions": [
{
"lang": "en",
"value": "Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T19:59:53.925Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/417980"
},
{
"url": "https://www.kb.cert.org/vuls/id/417980"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Implementations of UDP application protocols are susceptible to network loops and denial of service",
"x_generator": {
"engine": "VINCE 2.1.12",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2169"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-2169",
"datePublished": "2024-03-19T19:50:10.700Z",
"dateReserved": "2024-03-04T16:29:42.695Z",
"dateUpdated": "2024-09-04T12:04:51.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}