Vulnerabilities > CVE-2001-0288 - Unspecified vulnerability in Cisco IOS

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

nessus

exploit available

NVD

Published: 2001-05-03

Updated: 2008-09-05

Summary

Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS \(4\)St Cisco IOS - Cisco IOS 3.3.0Se Cisco IOS 3.3.0Xo Cisco IOS 3.3.1Se Cisco IOS 3.3.1Xo Cisco IOS 3.3.2Se Cisco IOS 3.3.2Xo Cisco IOS 3.3.3Se Cisco IOS 3.3.4Se Cisco IOS 3.3.5Se Cisco IOS 3.5.0E Cisco IOS 3.5.1E Cisco IOS 3.5.2E Cisco IOS 3.5.3E Cisco IOS 3.6.0E Cisco IOS 3.6.1E Cisco IOS 3.6.2Ae Cisco IOS 3.6.2E Cisco IOS 3.6.3E Cisco IOS 3.6.4E Cisco IOS 3.7.0E Cisco IOS 3.7.1E Cisco IOS 3.7.2E Cisco IOS 3.7.3E Cisco IOS 3.16.8S Cisco IOS 4.1 Cisco IOS 4.1.1 Cisco IOS 4.1.2 Cisco IOS 8.2 Cisco IOS 8.3 Cisco IOS 9.0 Cisco IOS 9.1 Cisco IOS 9.14 Cisco IOS 10.0 Cisco IOS 10.3 Cisco IOS 10.3\(3.3\) Cisco IOS 10.3\(3.4\) Cisco IOS 10.3\(4.2\) Cisco IOS 10.3\(4.3\) Cisco IOS 10.3\(16\) Cisco IOS 10.3\(19A\) Cisco IOS 11 Cisco IOS 11.0 Cisco IOS 11.0\(12\) Cisco IOS 11.0\(17\) Cisco IOS 11.0\(17\)Bt Cisco IOS 11.0\(18\) Cisco IOS 11.0\(20.3\) Cisco IOS 11.0\(22A\) Cisco IOS 11.0\(22B\) Cisco IOS 11.0\(X\) Cisco IOS 11.0.12\(A\)Bt Cisco IOS 11.1 Cisco IOS 11.1\(5\) Cisco IOS 11.1\(7\) Cisco IOS 11.1\(7\)Aa Cisco IOS 11.1\(7\)Ca Cisco IOS 11.1\(9\)Ia Cisco IOS 11.1\(11\) Cisco IOS 11.1\(12\) Cisco IOS 11.1\(13\) Cisco IOS 11.1\(13\)Aa Cisco IOS 11.1\(13\)Ca Cisco IOS 11.1\(13\)Ia Cisco IOS 11.1\(14\) Cisco IOS 11.1\(15\) Cisco IOS 11.1\(15\)Aa Cisco IOS 11.1\(15\)Ca Cisco IOS 11.1\(15\)Ia Cisco IOS 11.1\(16\) Cisco IOS 11.1\(16\)Aa Cisco IOS 11.1\(16\)Ia Cisco IOS 11.1\(17\) Cisco IOS 11.1\(17\)Cc Cisco IOS 11.1\(17\)Ct Cisco IOS 11.1\(18\) Cisco IOS 11.1\(20\)Aa4 Cisco IOS 11.1\(22\) Cisco IOS 11.1\(24\) Cisco IOS 11.1\(24A\) Cisco IOS 11.1\(24B\) Cisco IOS 11.1\(24C\) Cisco IOS 11.1\(28A\)Ct Cisco IOS 11.1\(28A\)Ia Cisco IOS 11.1\(36\)Ca2 Cisco IOS 11.1\(36\)Ca4 Cisco IOS 11.1\(36\)Cc2 Cisco IOS 11.1\(36\)Cc4 Cisco IOS 11.1Aa Cisco IOS 11.1Ca Cisco IOS 11.1Cc Cisco IOS 11.1Ct Cisco IOS 11.1Ia Cisco IOS 11.2 Cisco IOS 11.2\(4\) Cisco IOS 11.2\(4\)F Cisco IOS 11.2\(4\)F1 Cisco IOS 11.2\(4\)Xa Cisco IOS 11.2\(4\)Xaf Cisco IOS 11.2\(8\) Cisco IOS 11.2\(8\)P Cisco IOS 11.2\(8\)Sa1 Cisco IOS 11.2\(8\)Sa3 Cisco IOS 11.2\(8\)Sa5 Cisco IOS 11.2\(8.2\)Sa6 Cisco IOS 11.2\(8.9\)Sa6 Cisco IOS 11.2\(9\)P Cisco IOS 11.2\(9\)Xa Cisco IOS 11.2\(10\) Cisco IOS 11.2\(10\)Bc Cisco IOS 11.2\(11\) Cisco IOS 11.2\(11B\)T2 Cisco IOS 11.2\(14\)Gs2 Cisco IOS 11.2\(15\)G Cisco IOS 11.2\(15A\)P Cisco IOS 11.2\(15B\) Cisco IOS 11.2\(16\) Cisco IOS 11.2\(16\)P Cisco IOS 11.2\(17\) Cisco IOS 11.2\(18\) Cisco IOS 11.2\(19\)Gs0.2 Cisco IOS 11.2\(19A\)Gs6 Cisco IOS 11.2\(23A\)Bc1 Cisco IOS 11.2\(26\)P2 Cisco IOS 11.2\(26\)P5 Cisco IOS 11.2\(26A\) Cisco IOS 11.2\(26B\) Cisco IOS 11.2\(26E\) Cisco IOS 11.2Bc Cisco IOS 11.2F Cisco IOS 11.2Gs Cisco IOS 11.2P Cisco IOS 11.2Sa Cisco IOS 11.2Wa3 Cisco IOS 11.2Wa4 Cisco IOS 11.2Xa Cisco IOS 11.3 Cisco IOS 11.3\(1\) Cisco IOS 11.3\(1\)Ed Cisco IOS 11.3\(1\)T Cisco IOS 11.3\(2\)Xa Cisco IOS 11.3\(7\)Db1 Cisco IOS 11.3\(8\)Db2 Cisco IOS 11.3\(8\)T1 Cisco IOS 11.3\(11\)B Cisco IOS 11.3\(11B\) Cisco IOS 11.3\(11B\)T2 Cisco IOS 11.3\(11C\) Cisco IOS 11.3\(11D\) Cisco IOS 11.3Aa Cisco IOS 11.3Da Cisco IOS 11.3Db Cisco IOS 11.3Ha Cisco IOS 11.3Ma Cisco IOS 11.3Na Cisco IOS 11.3T Cisco IOS 11.3Wa4 Cisco IOS 11.3Xa Cisco IOS 12.0 Cisco IOS 12.0\(1\) Cisco IOS 12.0\(1\)Db Cisco IOS 12.0\(1\)S Cisco IOS 12.0\(1\)St Cisco IOS 12.0\(1\)T Cisco IOS 12.0\(1\)T1 Cisco IOS 12.0\(1\)W Cisco IOS 12.0\(1\)Xa Cisco IOS 12.0\(1\)Xa1 Cisco IOS 12.0\(1\)Xa2 Cisco IOS 12.0\(1\)Xa3 Cisco IOS 12.0\(1\)Xa4 Cisco IOS 12.0\(1\)Xb Cisco IOS 12.0\(1\)Xb1 Cisco IOS 12.0\(1\)Xe Cisco IOS 12.0\(2\) Cisco IOS 12.0\(2\)Db Cisco IOS 12.0\(2\)S Cisco IOS 12.0\(2\)T Cisco IOS 12.0\(2\)T1 Cisco IOS 12.0\(2\)Xc Cisco IOS 12.0\(2\)Xd Cisco IOS 12.0\(2\)Xe Cisco IOS 12.0\(2\)Xf Cisco IOS 12.0\(2\)Xg Cisco IOS 12.0\(2\)Xh Cisco IOS 12.0\(2A\) Cisco IOS 12.0\(2A\)T1 Cisco IOS 12.0\(2B\) Cisco IOS 12.0\(3\) Cisco IOS 12.0\(3\)Db Cisco IOS 12.0\(3\)Dc Cisco IOS 12.0\(3\)Dc1 Cisco IOS 12.0\(3\)T2 Cisco IOS 12.0\(3\)Xe Cisco IOS 12.0\(3\)Xe1 Cisco IOS 12.0\(3\)Xe2 Cisco IOS 12.0\(3.2\) Cisco IOS 12.0\(3.3\)S Cisco IOS 12.0\(3.4\)T Cisco IOS 12.0\(3.6\)W5\(9.0.5\) Cisco IOS 12.0\(3A\) Cisco IOS 12.0\(3B\) Cisco IOS 12.0\(3C\) Cisco IOS 12.0\(3D\) Cisco IOS 12.0\(4\) Cisco IOS 12.0\(4\)Db Cisco IOS 12.0\(4\)S Cisco IOS 12.0\(4\)T Cisco IOS 12.0\(4\)T1 Cisco IOS 12.0\(4\)Xe Cisco IOS 12.0\(4\)Xe1 Cisco IOS 12.0\(4\)Xe2 Cisco IOS 12.0\(4\)Xh Cisco IOS 12.0\(4\)Xh1 Cisco IOS 12.0\(4\)Xh2 Cisco IOS 12.0\(4\)Xh3 Cisco IOS 12.0\(4\)Xh4 Cisco IOS 12.0\(4\)Xi Cisco IOS 12.0\(4\)Xi1 Cisco IOS 12.0\(4\)Xi2 Cisco IOS 12.0\(4\)Xj Cisco IOS 12.0\(4\)Xj1 Cisco IOS 12.0\(4\)Xj2 Cisco IOS 12.0\(4\)Xj3 Cisco IOS 12.0\(4\)Xj4 Cisco IOS 12.0\(4\)Xj5 Cisco IOS 12.0\(4\)Xj6 Cisco IOS 12.0\(4\)Xl Cisco IOS 12.0\(4\)Xl1 Cisco IOS 12.0\(4\)Xm Cisco IOS 12.0\(4\)Xm1 Cisco IOS 12.0\(4A\) Cisco IOS 12.0\(4B\) Cisco IOS 12.0\(5\) Cisco IOS 12.0\(5\)Da Cisco IOS 12.0\(5\)Da1 Cisco IOS 12.0\(5\)Db Cisco IOS 12.0\(5\)Dc Cisco IOS 12.0\(5\)S Cisco IOS 12.0\(5\)T Cisco IOS 12.0\(5\)T1 Cisco IOS 12.0\(5\)T2 Cisco IOS 12.0\(5\)Wc Cisco IOS 12.0\(5\)Wc2 Cisco IOS 12.0\(5\)Wc2B Cisco IOS 12.0\(5\)Wc3 Cisco IOS 12.0\(5\)Wc3B Cisco IOS 12.0\(5\)Wc5A Cisco IOS 12.0\(05\)Wc8 Cisco IOS 12.0\(5\)Wc9 Cisco IOS 12.0\(5\)Wc9A Cisco IOS 12.0\(5\)Wc11 Cisco IOS 12.0\(5\)Wc13 Cisco IOS 12.0\(5\)Wx Cisco IOS 12.0\(5\)Xe Cisco IOS 12.0\(5\)Xe1 Cisco IOS 12.0\(5\)Xe2 Cisco IOS 12.0\(5\)Xe3 Cisco IOS 12.0\(5\)Xe4 Cisco IOS 12.0\(5\)Xe5 Cisco IOS 12.0\(5\)Xe6 Cisco IOS 12.0\(5\)Xe7 Cisco IOS 12.0\(5\)Xe8 Cisco IOS 12.0\(5\)Xk Cisco IOS 12.0\(5\)Xk1 Cisco IOS 12.0\(5\)Xk2 Cisco IOS 12.0\(5\)Xn Cisco IOS 12.0\(5\)Xn1 Cisco IOS 12.0\(5\)Xq Cisco IOS 12.0\(5\)Xq1 Cisco IOS 12.0\(5\)Xs Cisco IOS 12.0\(5\)Xs1 Cisco IOS 12.0\(5\)Xs2 Cisco IOS 12.0\(5\)Xt1 Cisco IOS 12.0\(5\)Xu Cisco IOS 12.0\(5\)Xw Cisco IOS 12.0\(5\)Yb4 Cisco IOS 12.0\(5.1\)Xp Cisco IOS 12.0\(5.2\)Xu Cisco IOS 12.0\(5.3\)Wc1 Cisco IOS 12.0\(5.4\)Wc1 Cisco IOS 12.0\(5A\)E Cisco IOS 12.0\(6\) Cisco IOS 12.0\(6\)Da Cisco IOS 12.0\(6\)S Cisco IOS 12.0\(6\)S1 Cisco IOS 12.0\(6\)S2 Cisco IOS 12.0\(6\)Sc Cisco IOS 12.0\(6\)T Cisco IOS 12.0\(6\)Xr Cisco IOS 12.0\(6A\) Cisco IOS 12.0\(6B\) Cisco IOS 12.0\(7\) Cisco IOS 12.0\(7\)Db Cisco IOS 12.0\(7\)Db1 Cisco IOS 12.0\(7\)Db2 Cisco IOS 12.0\(7\)Dc Cisco IOS 12.0\(7\)Dc1 Cisco IOS 12.0\(7\)S Cisco IOS 12.0\(7\)S1 Cisco IOS 12.0\(7\)Sc Cisco IOS 12.0\(7\)T Cisco IOS 12.0\(7\)T1 Cisco IOS 12.0\(7\)T2 Cisco IOS 12.0\(7\)T3 Cisco IOS 12.0\(7\)Wx5\(15A\) Cisco IOS 12.0\(7\)Xe Cisco IOS 12.0\(7\)Xe1 Cisco IOS 12.0\(7\)Xe2 Cisco IOS 12.0\(7\)Xf Cisco IOS 12.0\(7\)Xf1 Cisco IOS 12.0\(7\)Xk Cisco IOS 12.0\(7\)Xk1 Cisco IOS 12.0\(7\)Xk2 Cisco IOS 12.0\(7\)Xk3 Cisco IOS 12.0\(7\)Xr Cisco IOS 12.0\(7\)Xr1 Cisco IOS 12.0\(7\)Xr2 Cisco IOS 12.0\(7\)Xr3 Cisco IOS 12.0\(7\)Xr4 Cisco IOS 12.0\(7\)Xv Cisco IOS 12.0\(7.4\)S Cisco IOS 12.0\(7A\) Cisco IOS 12.0\(8\) Cisco IOS 12.0\(8\)Da Cisco IOS 12.0\(8\)Da1 Cisco IOS 12.0\(8\)S Cisco IOS 12.0\(8\)S1 Cisco IOS 12.0\(8\)Sc Cisco IOS 12.0\(8\)Sc1 Cisco IOS 12.0\(8.0.2\)S Cisco IOS 12.0\(8.3\)Sc Cisco IOS 12.0\(8A\) Cisco IOS 12.0\(9\) Cisco IOS 12.0\(9\)S Cisco IOS 12.0\(9\)S8 Cisco IOS 12.0\(9\)Sc Cisco IOS 12.0\(9\)Sl Cisco IOS 12.0\(9\)Sl1 Cisco IOS 12.0\(9\)Sl2 Cisco IOS 12.0\(9\)St Cisco IOS 12.0\(9A\) Cisco IOS 12.0\(10\) Cisco IOS 12.0\(10\)S Cisco IOS 12.0\(10\)S1 Cisco IOS 12.0\(10\)S2 Cisco IOS 12.0\(10\)S3 Cisco IOS 12.0\(10\)S3B Cisco IOS 12.0\(10\)S4 Cisco IOS 12.0\(10\)S5 Cisco IOS 12.0\(10\)S6 Cisco IOS 12.0\(10\)S7 Cisco IOS 12.0\(10\)S8 Cisco IOS 12.0\(10\)Sc Cisco IOS 12.0\(10\)Sc1 Cisco IOS 12.0\(10\)Sl Cisco IOS 12.0\(10\)St Cisco IOS 12.0\(10\)St1 Cisco IOS 12.0\(10\)St2 Cisco IOS 12.0\(10\)Sx Cisco IOS 12.0\(10\)W5 Cisco IOS 12.0\(10\)W5\(18F\) Cisco IOS 12.0\(10\)W5\(18G\) Cisco IOS 12.0\(10A\) Cisco IOS 12.0\(11\) Cisco IOS 12.0\(11\)S Cisco IOS 12.0\(11\)S1 Cisco IOS 12.0\(11\)S2 Cisco IOS 12.0\(11\)S3 Cisco IOS 12.0\(11\)S4 Cisco IOS 12.0\(11\)S5 Cisco IOS 12.0\(11\)S6 Cisco IOS 12.0\(11\)Sc Cisco IOS 12.0\(11\)Sl Cisco IOS 12.0\(11\)Sl1 Cisco IOS 12.0\(11\)St Cisco IOS 12.0\(11\)St1 Cisco IOS 12.0\(11\)St2 Cisco IOS 12.0\(11\)St3 Cisco IOS 12.0\(11\)St4 Cisco IOS 12.0\(11A\) Cisco IOS 12.0\(12\) Cisco IOS 12.0\(12\)S Cisco IOS 12.0\(12\)S1 Cisco IOS 12.0\(12\)S2 Cisco IOS 12.0\(12\)S3 Cisco IOS 12.0\(12\)S4 Cisco IOS 12.0\(12\)Sc Cisco IOS 12.0\(12A\) Cisco IOS 12.0\(13\) Cisco IOS 12.0\(13\)S Cisco IOS 12.0\(13\)S1 Cisco IOS 12.0\(13\)S2 Cisco IOS 12.0\(13\)S3 Cisco IOS 12.0\(13\)S4 Cisco IOS 12.0\(13\)S5 Cisco IOS 12.0\(13\)S6 Cisco IOS 12.0\(13\)S8 Cisco IOS 12.0\(13\)Sc Cisco IOS 12.0\(13\)W5\(19C\) Cisco IOS 12.0\(13\)Wt6\(1\) Cisco IOS 12.0\(13A\) Cisco IOS 12.0\(14\) Cisco IOS 12.0\(14\)S Cisco IOS 12.0\(14\)S1 Cisco IOS 12.0\(14\)S7 Cisco IOS 12.0\(14\)S8 Cisco IOS 12.0\(14\)Sl1 Cisco IOS 12.0\(14\)St Cisco IOS 12.0\(14\)St1 Cisco IOS 12.0\(14\)St2 Cisco IOS 12.0\(14\)St3 Cisco IOS 12.0\(14\)W5\(20\) Cisco IOS 12.0\(14A\) Cisco IOS 12.0\(15\) Cisco IOS 12.0\(15\)S Cisco IOS 12.0\(15\)S1 Cisco IOS 12.0\(15\)S2 Cisco IOS 12.0\(15\)S3 Cisco IOS 12.0\(15\)S4 Cisco IOS 12.0\(15\)S5 Cisco IOS 12.0\(15\)S6 Cisco IOS 12.0\(15\)S7 Cisco IOS 12.0\(15\)Sc Cisco IOS 12.0\(15\)Sc1 Cisco IOS 12.0\(15\)Sl Cisco IOS 12.0\(15A\) Cisco IOS 12.0\(15B\) Cisco IOS 12.0\(16\) Cisco IOS 12.0\(16\)S Cisco IOS 12.0\(16\)S1 Cisco IOS 12.0\(16\)S2 Cisco IOS 12.0\(16\)S3 Cisco IOS 12.0\(16\)S4 Cisco IOS 12.0\(16\)S5 Cisco IOS 12.0\(16\)S6 Cisco IOS 12.0\(16\)S7 Cisco IOS 12.0\(16\)S8 Cisco IOS 12.0\(16\)S8A Cisco IOS 12.0\(16\)S9 Cisco IOS 12.0\(16\)S10 Cisco IOS 12.0\(16\)Sc Cisco IOS 12.0\(16\)Sc1 Cisco IOS 12.0\(16\)Sc2 Cisco IOS 12.0\(16\)Sc3 Cisco IOS 12.0\(16\)St Cisco IOS 12.0\(16\)St1 Cisco IOS 12.0\(16\)W5\(21\) Cisco IOS 12.0\(16.06\)S Cisco IOS 12.0\(16A\) Cisco IOS 12.0\(17\) Cisco IOS 12.0\(17\)S Cisco IOS 12.0\(17\)S1 Cisco IOS 12.0\(17\)S2 Cisco IOS 12.0\(17\)S3 Cisco IOS 12.0\(17\)S4 Cisco IOS 12.0\(17\)S5 Cisco IOS 12.0\(17\)S6 Cisco IOS 12.0\(17\)S7 Cisco IOS 12.0\(17\)Sl Cisco IOS 12.0\(17\)Sl1 Cisco IOS 12.0\(17\)Sl2 Cisco IOS 12.0\(17\)Sl3 Cisco IOS 12.0\(17\)Sl4 Cisco IOS 12.0\(17\)Sl5 Cisco IOS 12.0\(17\)Sl6 Cisco IOS 12.0\(17\)Sl8 Cisco IOS 12.0\(17\)Sl9 Cisco IOS 12.0\(17\)St Cisco IOS 12.0\(17\)St1 Cisco IOS 12.0\(17\)St2 Cisco IOS 12.0\(17\)St3 Cisco IOS 12.0\(17\)St4 Cisco IOS 12.0\(17\)St5 Cisco IOS 12.0\(17\)St6 Cisco IOS 12.0\(17\)St7 Cisco IOS 12.0\(17\)St8 Cisco IOS 12.0\(17A\) Cisco IOS 12.0\(18\) Cisco IOS 12.0\(18\)S Cisco IOS 12.0\(18\)S1 Cisco IOS 12.0\(18\)S2 Cisco IOS 12.0\(18\)S3 Cisco IOS 12.0\(18\)S4 Cisco IOS 12.0\(18\)S5 Cisco IOS 12.0\(18\)S5A Cisco IOS 12.0\(18\)S6 Cisco IOS 12.0\(18\)S7 Cisco IOS 12.0\(18\)Sl Cisco IOS 12.0\(18\)St Cisco IOS 12.0\(18\)St1 Cisco IOS 12.0\(18\)W5\(22B\) Cisco IOS 12.0\(18A\) Cisco IOS 12.0\(18B\) Cisco IOS 12.0\(19\) Cisco IOS 12.0\(19\)S Cisco IOS 12.0\(19\)S1 Cisco IOS 12.0\(19\)S2 Cisco IOS 12.0\(19\)S2A Cisco IOS 12.0\(19\)S3 Cisco IOS 12.0\(19\)S4 Cisco IOS 12.0\(19\)Sl Cisco IOS 12.0\(19\)Sl1 Cisco IOS 12.0\(19\)Sl2 Cisco IOS 12.0\(19\)Sl3 Cisco IOS 12.0\(19\)Sl4 Cisco IOS 12.0\(19\)Sp Cisco IOS 12.0\(19\)Sp1 Cisco IOS 12.0\(19\)St Cisco IOS 12.0\(19\)St1 Cisco IOS 12.0\(19\)St2 Cisco IOS 12.0\(19\)St3 Cisco IOS 12.0\(19\)St4 Cisco IOS 12.0\(19\)St5 Cisco IOS 12.0\(19\)St6 Cisco IOS 12.0\(19A\) Cisco IOS 12.0\(19B\) Cisco IOS 12.0\(20\) Cisco IOS 12.0\(20\)Sl Cisco IOS 12.0\(20\)Sp Cisco IOS 12.0\(20\)Sp1 Cisco IOS 12.0\(20\)Sp2 Cisco IOS 12.0\(20\)St Cisco IOS 12.0\(20\)St1 Cisco IOS 12.0\(20\)St2 Cisco IOS 12.0\(20\)St3 Cisco IOS 12.0\(20\)St4 Cisco IOS 12.0\(20\)St5 Cisco IOS 12.0\(20\)St6 Cisco IOS 12.0\(20\)St7 Cisco IOS 12.0\(20\)Sx Cisco IOS 12.0\(20\)W5\(22B\) Cisco IOS 12.0\(20.4\)Sp Cisco IOS 12.0\(20A\) Cisco IOS 12.0\(21\) Cisco IOS 12.0\(21\)S Cisco IOS 12.0\(21\)S1 Cisco IOS 12.0\(21\)S2 Cisco IOS 12.0\(21\)S3 Cisco IOS 12.0\(21\)S4 Cisco IOS 12.0\(21\)S4A Cisco IOS 12.0\(21\)S5 Cisco IOS 12.0\(21\)S5A Cisco IOS 12.0\(21\)S6 Cisco IOS 12.0\(21\)S6A Cisco IOS 12.0\(21\)S7 Cisco IOS 12.0\(21\)S8 Cisco IOS 12.0\(21\)Sl Cisco IOS 12.0\(21\)Sp Cisco IOS 12.0\(21\)Sp1 Cisco IOS 12.0\(21\)Sp2 Cisco IOS 12.0\(21\)Sp3 Cisco IOS 12.0\(21\)Sp4 Cisco IOS 12.0\(21\)St Cisco IOS 12.0\(21\)St1 Cisco IOS 12.0\(21\)St2 Cisco IOS 12.0\(21\)St2A Cisco IOS 12.0\(21\)St2B Cisco IOS 12.0\(21\)St3 Cisco IOS 12.0\(21\)St3A Cisco IOS 12.0\(21\)St4 Cisco IOS 12.0\(21\)St5 Cisco IOS 12.0\(21\)St6 Cisco IOS 12.0\(21\)St6A Cisco IOS 12.0\(21\)St7 Cisco IOS 12.0\(21\)Sx Cisco IOS 12.0\(21\)Sx1 Cisco IOS 12.0\(21\)Sz Cisco IOS 12.0\(21A\) Cisco IOS 12.0\(22\) Cisco IOS 12.0\(22\)S Cisco IOS 12.0\(22\)S1 Cisco IOS 12.0\(22\)S2 Cisco IOS 12.0\(22\)S2A Cisco IOS 12.0\(22\)S2B Cisco IOS 12.0\(22\)S2C Cisco IOS 12.0\(22\)S2D Cisco IOS 12.0\(22\)S2E Cisco IOS 12.0\(22\)S3 Cisco IOS 12.0\(22\)S3A Cisco IOS 12.0\(22\)S3B Cisco IOS 12.0\(22\)S3C Cisco IOS 12.0\(22\)S4 Cisco IOS 12.0\(22\)S4A Cisco IOS 12.0\(22\)S5 Cisco IOS 12.0\(22\)S5A Cisco IOS 12.0\(22\)S6 Cisco IOS 12.0\(22\)Sy Cisco IOS 12.0\(23\) Cisco IOS 12.0\(23\)S Cisco IOS 12.0\(23\)S1 Cisco IOS 12.0\(23\)S2 Cisco IOS 12.0\(23\)S2A Cisco IOS 12.0\(23\)S3 Cisco IOS 12.0\(23\)S3A Cisco IOS 12.0\(23\)S3B Cisco IOS 12.0\(23\)S3C Cisco IOS 12.0\(23\)S4 Cisco IOS 12.0\(23\)S5 Cisco IOS 12.0\(23\)S6 Cisco IOS 12.0\(23\)S6A Cisco IOS 12.0\(23\)Sx Cisco IOS 12.0\(23\)Sx1 Cisco IOS 12.0\(23\)Sx2 Cisco IOS 12.0\(23\)Sx3 Cisco IOS 12.0\(23\)Sx4 Cisco IOS 12.0\(23\)Sx5 Cisco IOS 12.0\(23\)Sz Cisco IOS 12.0\(23\)Sz3 Cisco IOS 12.0\(24\) Cisco IOS 12.0\(24\)S Cisco IOS 12.0\(24\)S1 Cisco IOS 12.0\(24\)S2 Cisco IOS 12.0\(24\)S2A Cisco IOS 12.0\(24\)S2B Cisco IOS 12.0\(24\)S3 Cisco IOS 12.0\(24\)S4 Cisco IOS 12.0\(24\)S4A Cisco IOS 12.0\(24\)S5 Cisco IOS 12.0\(24\)S6 Cisco IOS 12.0\(24.2\)S Cisco IOS 12.0\(25\) Cisco IOS 12.0\(25\)S Cisco IOS 12.0\(25\)S1 Cisco IOS 12.0\(25\)S1A Cisco IOS 12.0\(25\)S1B Cisco IOS 12.0\(25\)S1C Cisco IOS 12.0\(25\)S1D Cisco IOS 12.0\(25\)S2 Cisco IOS 12.0\(25\)S3 Cisco IOS 12.0\(25\)S4 Cisco IOS 12.0\(25\)Sx Cisco IOS 12.0\(25\)Sx1 Cisco IOS 12.0\(25\)Sx2 Cisco IOS 12.0\(25\)Sx3 Cisco IOS 12.0\(25\)Sx4 Cisco IOS 12.0\(25\)Sx5 Cisco IOS 12.0\(25\)Sx6 Cisco IOS 12.0\(25\)Sx6E Cisco IOS 12.0\(25\)Sx7 Cisco IOS 12.0\(25\)Sx8 Cisco IOS 12.0\(25\)Sx9 Cisco IOS 12.0\(25\)Sx10 Cisco IOS 12.0\(25\)W5\(27\) Cisco IOS 12.0\(25\)W5\(27C\) Cisco IOS 12.0\(25\)W5-27D Cisco IOS 12.0\(25.4\)S1 Cisco IOS 12.0\(26\) Cisco IOS 12.0\(26\)S Cisco IOS 12.0\(26\)S1 Cisco IOS 12.0\(26\)S2 Cisco IOS 12.0\(26\)S2C Cisco IOS 12.0\(26\)S6 Cisco IOS 12.0\(26\)W5\(28\) Cisco IOS 12.0\(26\)W5\(28A\) Cisco IOS 12.0\(27\) Cisco IOS 12.0\(27\)S Cisco IOS 12.0\(27\)S1 Cisco IOS 12.0\(27\)S2 Cisco IOS 12.0\(27\)S3 Cisco IOS 12.0\(27\)S4 Cisco IOS 12.0\(27\)S4Z Cisco IOS 12.0\(27\)S5 Cisco IOS 12.0\(27\)Sv Cisco IOS 12.0\(27\)Sv1 Cisco IOS 12.0\(27\)Sv2 Cisco IOS 12.0\(28\) Cisco IOS 12.0\(28\)S Cisco IOS 12.0\(28\)S1 Cisco IOS 12.0\(28\)S2 Cisco IOS 12.0\(28\)S3 Cisco IOS 12.0\(28\)S4 Cisco IOS 12.0\(28\)S4Z Cisco IOS 12.0\(28\)S5 Cisco IOS 12.0\(28\)S6 Cisco IOS 12.0\(28\)W5\(31A\) Cisco IOS 12.0\(28\)W5-30B Cisco IOS 12.0\(28\)W5-32A Cisco IOS 12.0\(28C\) Cisco IOS 12.0\(28D\) Cisco IOS 12.0\(29\)S1 Cisco IOS 12.0\(30\)S Cisco IOS 12.0\(30\)S1 Cisco IOS 12.0\(30\)S2 Cisco IOS 12.0\(30\)S3 Cisco IOS 12.0\(30\)S4 Cisco IOS 12.0\(30\)S5 Cisco IOS 12.0\(30\)Sz10 Cisco IOS 12.0\(31\)S Cisco IOS 12.0\(31\)S1 Cisco IOS 12.0\(31\)S2 Cisco IOS 12.0\(31\)S3 Cisco IOS 12.0\(31\)S4 Cisco IOS 12.0\(31\)S5 Cisco IOS 12.0\(31\)S6 Cisco IOS 12.0\(31\)Sz3 Cisco IOS 12.0\(32\)S Cisco IOS 12.0\(32\)S1 Cisco IOS 12.0\(32\)S2 Cisco IOS 12.0\(32\)S2A Cisco IOS 12.0\(32\)S3 Cisco IOS 12.0\(32\)S4 Cisco IOS 12.0\(32\)S5 Cisco IOS 12.0\(32\)S6 Cisco IOS 12.0\(32\)S6\(C1\) Cisco IOS 12.0\(32\)S7 Cisco IOS 12.0\(32\)S8 Cisco IOS 12.0\(32\)S9 Cisco IOS 12.0\(32\)S10 Cisco IOS 12.0\(32\)S11 Cisco IOS 12.0\(32\)S11Z Cisco IOS 12.0\(32\)S12 Cisco IOS 12.0\(32\)S13 Cisco IOS 12.0\(32\)S14 Cisco IOS 12.0\(32\)S15 Cisco IOS 12.0\(32\)S16 Cisco IOS 12.0\(32\)S17 Cisco IOS 12.0\(32\)Sy Cisco IOS 12.0\(32\)Sy1 Cisco IOS 12.0\(32\)Sy2 Cisco IOS 12.0\(32\)Sy3 Cisco IOS 12.0\(32\)Sy4 Cisco IOS 12.0\(32\)Sy5 Cisco IOS 12.0\(32\)Sy6 Cisco IOS 12.0\(32\)Sy7 Cisco IOS 12.0\(32\)Sy8 Cisco IOS 12.0\(32\)Sy9 Cisco IOS 12.0\(32\)Sy9B Cisco IOS 12.0\(32\)Sy10 Cisco IOS 12.0\(32\)Sy11 Cisco IOS 12.0\(32\)Sy12 Cisco IOS 12.0\(32\)Sy13 Cisco IOS 12.0\(32\)Sy14 Cisco IOS 12.0\(32\)Sy15 Cisco IOS 12.0\(32\)Sy16 Cisco IOS 12.0\(33\)S Cisco IOS 12.0\(33\)S1 Cisco IOS 12.0\(33\)S2 Cisco IOS 12.0\(33\)S3 Cisco IOS 12.0\(33\)S4 Cisco IOS 12.0\(33\)S5 Cisco IOS 12.0\(33\)S6 Cisco IOS 12.0\(33\)S7 Cisco IOS 12.0\(33\)S8 Cisco IOS 12.0\(33\)S9 Cisco IOS 12.0\(128\)S1 Cisco IOS 12.0\(131\)S5 Cisco IOS 12.0\(131\)S6 Cisco IOS 12.0Da Cisco IOS 12.0Db Cisco IOS 12.0Dc Cisco IOS 12.0Ev Cisco IOS 12.0S Cisco IOS 12.0Sc Cisco IOS 12.0Sl Cisco IOS 12.0Sp Cisco IOS 12.0St Cisco IOS 12.0Sv Cisco IOS 12.0Sx Cisco IOS 12.0Sy Cisco IOS 12.0Sz Cisco IOS 12.0T Cisco IOS 12.0W Cisco IOS 12.0W5 Cisco IOS 12.0Wc Cisco IOS 12.0Wt Cisco IOS 12.0Wx Cisco IOS 12.0Xa Cisco IOS 12.0Xb Cisco IOS 12.0Xc Cisco IOS 12.0Xd Cisco IOS 12.0Xe Cisco IOS 12.0Xf Cisco IOS 12.0Xg Cisco IOS 12.0Xh Cisco IOS 12.0Xi Cisco IOS 12.0Xj Cisco IOS 12.0Xk Cisco IOS 12.0Xl Cisco IOS 12.0Xm Cisco IOS 12.0Xn Cisco IOS 12.0Xp Cisco IOS 12.0Xq Cisco IOS 12.0Xr Cisco IOS 12.0Xs Cisco IOS 12.0Xt Cisco IOS 12.0Xu Cisco IOS 12.0Xv Cisco IOS 12.0Xw Cisco IOS 12.1	791

Exploit-Db

description	Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability. CVE-1999-0077 ,CVE-2000-0916,CVE-2001-0162,CVE-2001-0163,CVE-2001-0288,CVE-2001-0328...
id	EDB-ID:19522
last seen	2016-02-02
modified	1999-09-27
published	1999-09-27
reporter	Stealth and S. Krahmer
source	https://www.exploit-db.com/download/19522/
title	Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability

Nessus

NASL family	CISCO
NASL id	CSCDS04747.NASL
description	Cisco IOS Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts. This vulnerability is documented as Cisco bug ID CSCds04747.
last seen	2020-03-28
modified	2002-06-05
plugin id	10976
published	2002-06-05
reporter	This script is Copyright (C) 2002-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/10976
title	Cisco IOS TCP Sequence Prediction Connection Hijacking (CSCds04747)
code	# # (C) Tenable Network Security, Inc. # # Script audit and contributions from Carmichael Security # Erik Anderson <[email protected]> (nb: domain no longer exists) # Added BugtraqID and CAN # include("compat.inc"); if(description) { script_id(10976); script_version("1.26"); script_cve_id("CVE-2001-0288", "CVE-2001-0328"); script_bugtraq_id(2682); script_name(english:"Cisco IOS TCP Sequence Prediction Connection Hijacking (CSCds04747)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch." ); script_set_attribute(attribute:"description", value: "Cisco IOS Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts. This vulnerability is documented as Cisco bug ID CSCds04747." ); script_set_attribute(attribute:"solution", value: "http://www.nessus.org/u?021e980a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2002/06/05"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27"); script_set_attribute(attribute:"vuln_publication_date", value: "1995/01/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios"); script_end_attributes(); script_summary(english:"Uses SNMP to determine if a flaw is present"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2002-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CISCO"); script_dependencies("snmp_sysDesc.nasl", "snmp_cisco_type.nasl"); script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model"); exit(0); } # The code starts here ok=0; os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0); hardware = get_kb_item("CISCO/model"); if(!hardware)exit(0); # Check for the required operating system... #---------------------------------------------------------------- # Is this IOS ? if(!egrep(pattern:".(Internetwork Operating\|IOS).", string:os))exit(0); # 11.0 if(egrep(string:os, pattern:"(^\|\s+)(11\.0\(([0-9]\|[1-1][0-9]\|2[0-1])\)\|11\.0),"))ok=1; # 11.1 if(egrep(string:os, pattern:"(^\|\s+)(11\.1\(([0-9]\|[1-1][0-9]\|2[0-3])\)\|11\.1),"))ok=1; # 11.1AA if(egrep(string:os, pattern:"(^\|\s+)(11\.1\([0-9]\)\|11\.1)AA[0-9],"))ok=1; # 11.1CA if(egrep(string:os, pattern:"(^\|\s+)((11\.1\(([0-9]\|[1-2][0-9]\|3[0-5])\)\|11\.1)CA[0-9]\|11\.1\(36\)CA[0-0]),"))ok=1; # 11.1CC if(egrep(string:os, pattern:"(^\|\s+)((11\.1\(([0-9]\|[1-2][0-9]\|3[0-5])\)\|11\.1)CC[0-9]\|11\.1\(36\)CC[0-0]),"))ok=1; # 11.1CT if(egrep(string:os, pattern:"(^\|\s+)(11\.1\([0-9]\)\|11\.1)CT[0-9],"))ok=1; # 11.1IA if(egrep(string:os, pattern:"(^\|\s+)((11\.1\(([0-9]\|[1-1][0-9]\|2[0-7])\)\|11\.1)IA[0-9]\|11\.1\(28\)IA[0-0]),"))ok=1; # 11.2 if(egrep(string:os, pattern:"(^\|\s+)(11\.2\(([0-9]\|[1-1][0-9]\|2[0-4])\)\|11\.2),"))ok=1; # 11.2BC if(egrep(string:os, pattern:"(^\|\s+)(11\.2\([0-9]\)\|11\.2)BC[0-9],"))ok=1; # 11.2F if(egrep(string:os, pattern:"(^\|\s+)(11\.2\([0-9]\)\|11\.2)F[0-9],"))ok=1; # 11.2GS if(egrep(string:os, pattern:"(^\|\s+)(11\.2\([0-9]\)\|11\.2)GS[0-9],"))ok=1; # 11.2P if(egrep(string:os, pattern:"(^\|\s+)(11\.2\(([0-9]\|[1-1][0-9]\|2[0-4])\)\|11\.2)P[0-9],"))ok=1; # 11.2SA if(egrep(string:os, pattern:"(^\|\s+)(11\.2\([0-9]\)\|11\.2)SA[0-9],"))ok=1; # 11.2WA3 if(egrep(string:os, pattern:"(^\|\s+)(11\.2\([0-9]\)\|11\.2)WA3[0-9],"))ok=1; # 11.2XA if(egrep(string:os, pattern:"(^\|\s+)(11\.2\([0-9]\)\|11\.2)XA[0-9],"))ok=1; # 11.3 if(egrep(string:os, pattern:"(^\|\s+)(11\.3\(([0-9]\|1[0-0])\)\|11\.3),"))ok=1; # 11.3AA if(egrep(string:os, pattern:"(^\|\s+)(11\.3\(([0-9]\|1[0-0])\)\|11\.3)AA[0-9],"))ok=1; # 11.3DA if(egrep(string:os, pattern:"(^\|\s+)(11\.3\([0-9]\)\|11\.3)DA[0-9],"))ok=1; # 11.3DB if(egrep(string:os, pattern:"(^\|\s+)(11\.3\([0-9]\)\|11\.3)DB[0-9],"))ok=1; # 11.3HA if(egrep(string:os, pattern:"(^\|\s+)(11\.3\([0-9]\)\|11\.3)HA[0-9],"))ok=1; # 11.3MA if(egrep(string:os, pattern:"(^\|\s+)((11\.3\([0-0]\)\|11\.3)MA[0-9]\|11\.3\(1\)MA[0-7]),"))ok=1; # 11.3NA if(egrep(string:os, pattern:"(^\|\s+)(11\.3\([0-9]\)\|11\.3)NA[0-9],"))ok=1; # 11.3T if(egrep(string:os, pattern:"(^\|\s+)((11\.3\(([0-9]\|1[0-0])\)\|11\.3)T[0-9]\|11\.3\(11\)T[0-0]),"))ok=1; # 11.3WA4 if(egrep(string:os, pattern:"(^\|\s+)(11\.3\([0-9]\)\|11\.3)WA4[0-9],"))ok=1; # 11.3XA if(egrep(string:os, pattern:"(^\|\s+)(11\.3\([0-9]\)\|11\.3)XA[0-9],"))ok=1; # 12.0 if(egrep(string:os, pattern:"(^\|\s+)(12\.0\(([0-9]\|1[0-4])\)\|12\.0),"))ok=1; # 12.0DA if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)DA[0-9],"))ok=1; # 12.0DB if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)DB[0-9],"))ok=1; # 12.0DC if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)DC[0-9],"))ok=1; # 12.0S if(egrep(string:os, pattern:"(^\|\s+)((12\.0\(([0-9]\|1[0-3])\)\|12\.0)S[0-9]\|12\.0\(14\)S[0-0]),"))ok=1; # 12.0SC if(egrep(string:os, pattern:"(^\|\s+)((12\.0\(([0-9]\|1[0-4])\)\|12\.0)SC[0-9]\|12\.0\(15\)SC[0-0]),"))ok=1; # 12.0SL if(egrep(string:os, pattern:"(^\|\s+)((12\.0\(([0-9]\|1[0-3])\)\|12\.0)SL[0-9]\|12\.0\(14\)SL[0-0]),"))ok=1; # 12.0ST if(egrep(string:os, pattern:"(^\|\s+)((12\.0\(([0-9]\|1[0-0])\)\|12\.0)ST[0-9]\|12\.0\(11\)ST[0-1]),"))ok=1; # 12.0SX if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)SX[0-9],"))ok=1; # 12.0T if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)T[0-9],"))ok=1; # 12.0W5 if(egrep(string:os, pattern:"(^\|\s+)(12\.0\(([0-9]\|1[0-2])\)\|12\.0)W5[0-9],"))ok=1; # 12.0WT if(egrep(string:os, pattern:"(^\|\s+)((12\.0\(([0-9]\|1[0-2])\)\|12\.0)WT[0-9]\|12\.0\(13\)WT[0-5]),"))ok=1; # 12.0XA if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XA[0-9],"))ok=1; # 12.0XB if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XB[0-9],"))ok=1; # 12.0XC if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XC[0-9],"))ok=1; # 12.0XD if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XD[0-9],"))ok=1; # 12.0XE if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XE[0-9],"))ok=1; # 12.0XF if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XF[0-9],"))ok=1; # 12.0XG if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XG[0-9],"))ok=1; # 12.0XH if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XH[0-9],"))ok=1; # 12.0XI if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XI[0-9],"))ok=1; # 12.0XJ if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XJ[0-9],"))ok=1; # 12.0XK if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XK[0-9],"))ok=1; # 12.0XL if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XL[0-9],"))ok=1; # 12.0XM if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XM[0-9],"))ok=1; # 12.0XN if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XN[0-9],"))ok=1; # 12.0XP if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XP[0-9],"))ok=1; # 12.0XQ if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XQ[0-9],"))ok=1; # 12.0QR if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)QR[0-9],"))ok=1; # 12.0XS if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XS[0-9],"))ok=1; # 12.0XU if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XU[0-9],"))ok=1; # 12.0XV if(egrep(string:os, pattern:"(^\|\s+)(12\.0\([0-9]\)\|12\.0)XV[0-9],"))ok=1; # 12.1 if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-6]\)\|12\.1),"))ok=1; # 12.1AA if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-6]\)\|12\.1)AA[0-9],"))ok=1; # 12.1DA if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-5]\)\|12\.1)DA[0-9],"))ok=1; # 12.1CD if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-3]\)\|12\.1)CD[0-9],"))ok=1; # 12.DB if(egrep(string:os, pattern:"(^\|\s+)(12\.\([0-4]\)\|12\.)DB[0-9],"))ok=1; # 12.1DC if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-4]\)\|12\.1)DC[0-9],"))ok=1; # 12.1E if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-5]\)\|12\.1)E[0-9],"))ok=1; # 12.1EC if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-5]\)\|12\.1)EC[0-9],"))ok=1; # 12.1EX if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-4]\)\|12\.1)EX[0-9],"))ok=1; # 12.1T if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)T[0-9]\|12\.1\(5\)T[0-4]),"))ok=1; # 12.1XA if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XA[0-9],"))ok=1; # 12.1XB if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XB[0-9],"))ok=1; # 12.1XC if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XC[0-9],"))ok=1; # 12.1XD if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XD[0-9],"))ok=1; # 12.1XE if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XE[0-9],"))ok=1; # 12.1XF if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XF[0-9],"))ok=1; # 12.1XG if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XG[0-9],"))ok=1; # 12.1XH if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XH[0-9],"))ok=1; # 12.1XI if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XI[0-9],"))ok=1; # 12.1XJ if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XJ[0-9],"))ok=1; # 12.1XK if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XK[0-9],"))ok=1; # 12.1XL if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XL[0-9],"))ok=1; # 12.1XM if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-9]\)\|12\.1)XM[0-9],"))ok=1; # 12.1XP if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-2]\)\|12\.1)XP[0-9]\|12\.1\(3\)XP[0-2]),"))ok=1; # 12.1XQ if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-2]\)\|12\.1)XQ[0-9]\|12\.1\(3\)XQ[0-2]),"))ok=1; # 12.1XR if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)XR[0-9]\|12\.1\(5\)XR[0-0]),"))ok=1; # 12.1XT if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-2]\)\|12\.1)XT[0-9]\|12\.1\(3\)XT[0-0]),"))ok=1; # 12.1XU if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)XU[0-9]\|12\.1\(5\)XU[0-0]),"))ok=1; # 12.1XV if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)XV[0-9]\|12\.1\(5\)XV[0-0]),"))ok=1; # 12.1XW if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)XW[0-9]\|12\.1\(5\)XW[0-1]),"))ok=1; # 12.1XY if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)XY[0-9]\|12\.1\(5\)XY[0-3]),"))ok=1; # 12.1XZ if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)XZ[0-9]\|12\.1\(5\)XZ[0-1]),"))ok=1; # 12.1YA if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)YA[0-9]\|12\.1\(5\)YA[0-0]),"))ok=1; # 12.1YB if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-4]\)\|12\.1)YB[0-9],"))ok=1; # 12.1YC if(egrep(string:os, pattern:"(^\|\s+)((12\.1\([0-4]\)\|12\.1)YC[0-9]\|12\.1\(5\)YC[0-0]),"))ok=1; # 12.1YD if(egrep(string:os, pattern:"(^\|\s+)(12\.1\([0-4]\)\|12\.1)YD[0-9]*,"))ok=1; #---------------------------------------------- if(ok)security_hole(port:161, proto:"udp");

NASL family	CISCO
NASL id	CISCO-SA-20010301-IOS-TCP-ISN-RANDOMHTTP.NASL
description	Cisco IOS Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts. To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747. Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices.
last seen	2020-06-01
modified	2020-06-02
plugin id	48953
published	2010-09-01
reporter	This script is (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48953
title	Cisco IOS Software TCP Initial Sequence Number Randomization Improvements - Cisco Systems
code	# # (C) Tenable Network Security, Inc. # # Security advisory is (C) CISCO, Inc. # See https://www.cisco.com/en/US/products/products_security_advisory09186a00800b1396.shtml if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(48953); script_version("1.12"); script_cve_id("CVE-2001-0288"); script_bugtraq_id(2682); script_xref(name:"CERT", value:"498440"); script_xref(name:"CISCO-BUG-ID", value:"CSCds04747"); script_xref(name:"CISCO-SA", value:"cisco-sa-20010301-ios-tcp-isn-random"); script_name(english:"Cisco IOS Software TCP Initial Sequence Number Randomization Improvements - Cisco Systems"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: 'Cisco IOS Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts. To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747. Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices. '); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010301-ios-tcp-isn-random script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?98df6997"); # https://www.cisco.com/en/US/products/products_security_advisory09186a00800b1396.shtml script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?4b55ca71"); script_set_attribute(attribute:"solution", value: "Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20010301-ios-tcp-isn-random."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value: "local"); script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/03/01"); script_set_attribute(attribute:"patch_publication_date", value: "2001/03/01"); script_set_attribute(attribute:"plugin_publication_date", value: "2010/09/01"); script_cvs_date("Date: 2018/11/15 20:50:20"); script_end_attributes(); script_summary(english:"Uses SNMP to determine if a flaw is present"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("cisco_func.inc"); # version = get_kb_item_or_exit("Host/Cisco/IOS/Version"); # Affected: 11.0 if (deprecated_version(version, "11.0")) { security_hole(port:0, extra: '\nUpdate to 11.1(22a) or later\n'); exit(0); } # Affected: 11.1 if (check_release(version: version, patched: make_list("11.1(24a)") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.1AA if (deprecated_version(version, "11.1AA")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 11.1CA if (check_release(version: version, patched: make_list("11.1(36)CA1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.1CC if (check_release(version: version, patched: make_list("11.1(36)CC1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.1CT if (deprecated_version(version, "11.1CT")) { security_hole(port:0, extra: '\nUpdate to 12.0(11)ST2 or later\n'); exit(0); } # Affected: 11.1IA if (check_release(version: version, patched: make_list("11.1(28a)IA1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.2 if (check_release(version: version, patched: make_list("11.2(25)"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.2BC if (deprecated_version(version, "11.2BC")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 11.2F if (deprecated_version(version, "11.2F")) { security_hole(port:0, extra: '\nNo updates are scheduled for 11.2F. Upgrade to a supported version\n'); exit(0); } # Affected: 11.2GS if (deprecated_version(version, "11.2GS")) { security_hole(port:0, extra: '\nUpdate to 12.0(15)S1 or later\n'); exit(0); } # Affected: 11.2P if (check_release(version: version, patched: make_list("11.2(25)P"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.2SA if (deprecated_version(version, "11.2SA")) { security_hole(port:0, extra: '\nUpgrade to 12.0WC\n'); exit(0); } # Affected: 11.2WA3 if (version == '11.2WA3') { security_hole(port:0, extra: '\nUpdate to 12.0(10)W(18b) or later\n'); exit(0); } # Affected: 11.2(4)XA if (version == '11.2(4)XA' \|\| version == '11.2(9)XA') { security_hole(port:0, extra: '\nUpdate to 11.2(25)P or later\n'); exit(0); } # Affected: 11.3 if (check_release(version: version, patched: make_list("11.3(11b)") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.3AA if (check_release(version: version, patched: make_list("11.3(11a)AA") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.3DA if (deprecated_version(version, "11.3DA")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)DA1 or later\n'); exit(0); } # Affected: 11.3DB if (deprecated_version(version, "11.3DB")) { security_hole(port:0, extra: '\nUpdate to 12.1(4)DB1 or later\n'); exit(0); } # Affected: 11.3HA if (deprecated_version(version, "11.3HA")) { security_hole(port:0, extra: '\nNo updates are scheduled for 11.3HA. Upgrade to a supported version\n'); exit(0); } # Affected: 11.3MA if (check_release(version: version, patched: make_list("11.3(1)MA8") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.3NA if (deprecated_version(version, "11.3NA")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 11.3T if (check_release(version: version, patched: make_list("11.3(11b)T1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 11.3WA4 if (version == '11.3WA4') { security_hole(port:0, extra: '\nUpdate to 12.0(10)W(18b) or later\n'); exit(0); } # Affected: 11.3(2)XA if (version == '11.3(2)XA') { security_hole(port:0, extra: '\nUpdate to 11.3(11b)T1 or later\n'); exit(0); } # Affected: 12.0 if (check_release(version: version, patched: make_list("12.0(15)") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0S if (check_release(version: version, patched: make_list("12.0(14)S1", "12.0(14.6)S") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0DA if (deprecated_version(version, "12.0DA")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)DA1 or later\n'); exit(0); } # Affected: 12.0DB if (deprecated_version(version, "12.0DB")) { security_hole(port:0, extra: '\nUpdate to 12.1(4)DB1 or later\n'); exit(0); } # Affected: 12.0DC if (deprecated_version(version, "12.0DC")) { security_hole(port:0, extra: '\nUpdate to 12.1(4)DA2 or later\n'); exit(0); } # Affected: 12.0S if (check_release(version: version, patched: make_list("12.0(14)S1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0SC if (check_release(version: version, patched: make_list("12.0(15)SC1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0SL if (check_release(version: version, patched: make_list("12.0(14)SL1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0ST if (check_release(version: version, patched: make_list("12.0(11)ST2") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0SX if (deprecated_version(version, "12.0SX")) { security_hole(port:0, extra: '\nUpdate to 12.0(5c)E8 or later\n'); exit(0); } # Affected: 12.0T if (deprecated_version(version, "12.0T")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0W5 if (check_release(version: version, patched: make_list("12.0(13)W5(19c)") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0WT if (check_release(version: version, patched: make_list("12.0(13)WT6(1)") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0XA if (deprecated_version(version, "12.0XA")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XB if (deprecated_version(version, "12.0XB")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XC if (deprecated_version(version, "12.0XC")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XD if (deprecated_version(version, "12.0XD")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XE if (deprecated_version(version, "12.0XE")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)E8 or later\n'); exit(0); } # Affected: 12.0XF if (deprecated_version(version, "12.0XF")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XG if (deprecated_version(version, "12.0XG")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XH if (check_release(version: version, patched: make_list("12.0(4)XH5") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0XI if (deprecated_version(version, "12.0XI")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XJ if (deprecated_version(version, "12.0XJ")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XK if (check_release(version: version, patched: make_list("12.0(7)XK4") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0XL if (deprecated_version(version, "12.0XL")) { security_hole(port:0, extra: '\nUpdate to 12.0(4)XH5 or later\n'); exit(0); } # Affected: 12.0XM if (check_release(version: version, patched: make_list("12.0(5)XM1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.0XN if (deprecated_version(version, "12.0XN")) { security_hole(port:0, extra: '\nNo updates are scheduled for 12.0XN. Upgrade to a supported version\n'); exit(0); } # Affected: 12.0XP if (deprecated_version(version, "12.0XP")) { security_hole(port:0, extra: '\nUpdate to 12.1WC\n'); exit(0); } # Affected: 12.0XQ if (deprecated_version(version, "12.0XQ")) { security_hole(port:0, extra: '\nUpdate to 12.1(7) or later\n'); exit(0); } # Affected: 12.0XR if (deprecated_version(version, "12.0XR")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.0XS if (deprecated_version(version, "12.0XS")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)E8 or later\n'); exit(0); } # Affected: 12.0XU if (deprecated_version(version, "12.0XU")) { security_hole(port:0, extra: '\nUpdate to 12.1WC\n'); exit(0); } # Affected: 12.0XV if (deprecated_version(version, "12.0XV")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.1 if (check_release(version: version, patched: make_list("12.1(5c)"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1AA if (check_release(version: version, patched: make_list("12.1(7)AA"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1DA if (check_release(version: version, patched: make_list("12.1(5)DA1"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1CX if (check_release(version: version, patched: make_list("12.1(4)CX"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1DB if (check_release(version: version, patched: make_list("12.1(4)DB1"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1DC if (check_release(version: version, patched: make_list("12.1(4)DC2"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1E if (check_release(version: version, patched: make_list("12.1(5.6)E"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1EC if (check_release(version: version, patched: make_list("12.1(4.5)EC"))) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1EX if (check_release(version: version, patched: make_list("12.1(5c)EX") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1T if (check_release(version: version, patched: make_list("12.1(5)T5") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XA if (deprecated_version(version, "12.1XA")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.1XB if (deprecated_version(version, "12.1XB")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.1XC if (deprecated_version(version, "12.1XC")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.1XD if (deprecated_version(version, "12.1XD")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.1XE if (deprecated_version(version, "12.1XE")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.1XF if (check_release(version: version, patched: make_list("12.1(2)XF3") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XG if (check_release(version: version, patched: make_list("12.1(3)XG3") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XH if (check_release(version: version, patched: make_list("12.1(2)XH5") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XI if (check_release(version: version, patched: make_list("12.1(3a)XI6") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XJ if (deprecated_version(version, "12.1XJ")) { security_hole(port:0, extra: '\nNo updates are scheduled for 12.1XJ. Upgrade to a supported version.\n'); exit(0); } # Affected: 12.1XK if (deprecated_version(version, "12.1XK")) { security_hole(port:0, extra: '\nUpdate to 12.1(5)T5 or later\n'); exit(0); } # Affected: 12.1XL if (check_release(version: version, patched: make_list("12.1(3)XL1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XM if (check_release(version: version, patched: make_list("12.1(5)XM1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XP if (check_release(version: version, patched: make_list("12.1(3)XP3") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XQ if (check_release(version: version, patched: make_list("12.1(3)XQ3") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XR if (check_release(version: version, patched: make_list("12.1(5)XR1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XS if (check_release(version: version, patched: make_list("12.1(5)XS") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XT if (check_release(version: version, patched: make_list("12.1(3)XT1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XU if (check_release(version: version, patched: make_list("12.1(5)XU1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XV if (check_release(version: version, patched: make_list("12.1(5)XV1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XW if (check_release(version: version, patched: make_list("12.1(5)XW2") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XX if (check_release(version: version, patched: make_list("12.1(5)XX3") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XY if (check_release(version: version, patched: make_list("12.1(5)XY4") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1XZ if (check_release(version: version, patched: make_list("12.1(5)XZ2") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1YA if (check_release(version: version, patched: make_list("12.1(5)YA1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1YB if (check_release(version: version, patched: make_list("12.1(5)YB") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1YC if (check_release(version: version, patched: make_list("12.1(5)YC1") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } # Affected: 12.1YD if (check_release(version: version, patched: make_list("12.1(5)YD") )) { security_hole(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0); } exit(0, "The remote host is not affected");

NASL family	General
NASL id	TCP_SEQ.NASL
description	The remote host has predictable TCP sequence numbers. An attacker may use this flaw to establish spoofed TCP connections to this host.
last seen	2020-06-01
modified	2020-06-02
plugin id	10443
published	2003-03-03
reporter	This script is Copyright (C) 2003-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10443
title	TCP/IP Predictable ISN (Initial Sequence Number) Generation Weakness
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10443); script_version("1.31"); script_cvs_date("Date: 2019/03/06 18:38:55"); script_cve_id( "CVE-1999-0077", "CVE-2004-0641", "CVE-2001-0162", "CVE-2001-0163", "CVE-2001-0751", "CVE-2001-0288", "CVE-2001-1104", "CVE-2000-0916" ); script_bugtraq_id(107, 670, 3098, 10881); script_name(english:"TCP/IP Predictable ISN (Initial Sequence Number) Generation Weakness"); script_summary(english:"TCP SEQ"); script_set_attribute(attribute:"synopsis", value: "It is possible to predict TCP/IP Initial Sequence Numbers for the remote host."); script_set_attribute(attribute:"description", value: "The remote host has predictable TCP sequence numbers. An attacker may use this flaw to establish spoofed TCP connections to this host."); script_set_attribute(attribute:"solution", value:"Contact your vendor for a patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"1995/01/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/03"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2019 Tenable Network Security, Inc."); script_family(english:"General"); script_require_keys("Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); if ( TARGET_IS_IPV6 ) exit(1, "This check is not implemented for IPv6 hosts."); MAX_RETRIES = 5; function probe(port) { local_var flags, sport, ip, tcp, filter, i, rep, seq; ip = forge_ip_packet( ip_hl :5, ip_v :4, ip_tos :0, ip_len :20, ip_id :31338, ip_off :0, ip_ttl :64, ip_p :IPPROTO_TCP, ip_src :compat::this_host() ); sport = (rand() % 60000) + 1024; tcp = forge_tcp_packet(ip:ip, th_sport: sport, th_dport: port, th_flags:TH_SYN, th_seq: rand(), th_ack: 0, th_x2: 0, th_off: 5, th_win: 8192, th_urp: 0); # Note: these ports look backwards because we're capturing the response filter = "tcp and src host " + get_host_ip() + " and src port " + port + " and dst port " + sport; for ( i = 0 ; i < MAX_RETRIES ; i ++ ) { rep = send_packet(tcp, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1); if ( rep ) break; } if ( ! rep ) exit(1, "No response to the probe."); flags = get_tcp_element(tcp:rep, element:"th_flags"); if ( flags != (TH_SYN\|TH_ACK)) exit(1, "The server returned an unexpected packet."); seq = get_tcp_element(tcp:rep, element:"th_seq"); return seq; } # Get an open port port = get_host_open_port(); if (isnull(port) \|\| !port) exit(1, "Couldn't find an open port to check."); for (mu=0; mu<5; mu++) { seqs = make_list(); for ( i = 0 ; i < 5 ; i ++ ) { seqs[i] = probe(port:port); } diffs = make_list(); for ( i = 1; i < 5 ; i ++ ) { diffs[i - 1] = seqs[i] - seqs[i - 1]; # Ugly hack, as NASL does not handle unsigned ints if ( diffs[i - 1] < 0 ) diffs[i - 1] *= -1; } a = diffs[0]; for ( i = 1 ; i < 4 ; i ++ ) { b = diffs[i]; if ( a < b ) { c = a; a = b; b = c; } else { while ( b) { c = a % b; a = b; b = c; } } } if (mu == 0) { results = make_list(a); } else { results = make_list(results, a); } } if ( (results[0] == results[1]) && (results[0] == results[2]) && (results[0] == results[3]) && (results[0] == results[4]) ) security_hole(0); else exit(0, "Host does not appear to be vulnerable.");

References

http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml