Vulnerabilities > CVE-2002-1024 - Resource Management Errors vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CISCO NASL id CSCDW33027.NASL description It is possible to make the remote IOS crash when sending it malformed SSH packets. last seen 2020-06-01 modified 2020-06-02 plugin id 11381 published 2003-03-14 reporter This script is (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11381 title Cisco IOS SSH Large Packet CPU Consumption DoS (CSCdw33027) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(11381); script_version("1.26"); script_cve_id("CVE-2002-1024"); script_bugtraq_id(5114); script_name(english:"Cisco IOS SSH Large Packet CPU Consumption DoS (CSCdw33027)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch." ); script_set_attribute(attribute:"description", value: "It is possible to make the remote IOS crash when sending it malformed SSH packets." ); script_set_attribute(attribute:"solution", value: "See http://www.nessus.org/u?7641e722" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/14"); script_cvs_date("Date: 2018/06/27 18:42:25"); script_set_attribute(attribute:"vuln_publication_date", value: "2002/06/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios"); script_end_attributes(); script_summary(english:"Uses SNMP to determine if a flaw is present"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("snmp_sysDesc.nasl", "snmp_cisco_type.nasl"); script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model"); exit(0); } # The code starts here ok=0; os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0); hardware = get_kb_item("CISCO/model"); if(!hardware)exit(0); # Check for the required operating system... #---------------------------------------------------------------- # Is this IOS ? if(!egrep(pattern:".*(Internetwork Operating|IOS).*", string:os))exit(0); # 12.0S if(egrep(string:os, pattern:"((12\.0\(([0-9]|1[0-6])\)|12\.0)S[0-9]*|12\.0\(17\)S[0-3]),"))ok=1; # 12.0SP if(egrep(string:os, pattern:"((12\.0\(([0-9]|1[0-9])\)|12\.0)SP[0-9]*|12\.0\(20\)SP[0-1]),"))ok=1; # 12.0ST if(egrep(string:os, pattern:"((12\.0\(([0-9]|1[0-6])\)|12\.0)ST[0-9]*|12\.0\(17\)ST[0-4]),"))ok=1; # 12.0XB if(egrep(string:os, pattern:"(12\.0\([0-9]*\)|12\.0)XB[0-9]*,"))ok=1; # 12.0XM if(egrep(string:os, pattern:"(12\.0\([0-9]*\)|12\.0)XM[0-9]*,"))ok=1; # 12.0XV if(egrep(string:os, pattern:"(12\.0\([0-9]*\)|12\.0)XV[0-9]*,"))ok=1; # 12.1E if(egrep(string:os, pattern:"(12\.1\(([0-9][^0-9]|10.[0-4])\)|12\.1)E[0-9]*,"))ok=1; # 12.1EC if(egrep(string:os, pattern:"(12\.1\(([0-9][^0-9]|10.[0-4])\)|12\.1)EC[0-9]*,"))ok=1; # 12.1EX if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)EX[0-9]*,"))ok=1; # 12.1T if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)T[0-9]*,"))ok=1; # 12.1XB if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XB[0-9]*,"))ok=1; # 12.1XC if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XC[0-9]*,"))ok=1; # 12.1XF if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XF[0-9]*,"))ok=1; # 12.1XG if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XG[0-9]*,"))ok=1; # 12.1XH if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XH[0-9]*,"))ok=1; # 12.1X1 if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)X1[0-9]*,"))ok=1; # 12.1XJ if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XJ[0-9]*,"))ok=1; # 12.1XL if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XL[0-9]*,"))ok=1; # 12.1XM if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)XM[0-9]*|12\.1\(5\)XM[0-6]),"))ok=1; # 12.1XP if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XP[0-9]*,"))ok=1; # 12.1XQ if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XQ[0-9]*,"))ok=1; # 12.1XT if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XT[0-9]*,"))ok=1; # 12.1XU if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)XU[0-9]*,"))ok=1; # 12.1YB if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)YB[0-9]*|12\.1\(5\)YB[0-5]),"))ok=1; # 12.1YC if(egrep(string:os, pattern:"((12\.1\([0-4]\)|12\.1)YC[0-9]*|12\.1\(5\)YC[0-2]),"))ok=1; # 12.1YD if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)YD[0-9]*,"))ok=1; # 12.1YE if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)YE[0-9]*,"))ok=1; # 12.1YF if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)YF[0-9]*,"))ok=1; # 12.1YI if(egrep(string:os, pattern:"(12\.1\([0-9]*\)|12\.1)YI[0-9]*,"))ok=1; # 12.2 if(egrep(string:os, pattern:"(12\.2\([0-6]\)|12\.2),"))ok=1; # 12.B if(egrep(string:os, pattern:"((12\.\([0-3]\)|12\.)B[0-9]*|12\.\(4\)B[0-2]),"))ok=1; # 12.2BC if(egrep(string:os, pattern:"((12\.2\([0-7]\)|12\.2)BC[0-9]*|12\.2\(8\)BC[0-0]),"))ok=1; # 12.2DA if(egrep(string:os, pattern:"(12\.2\([0-6]\)|12\.2)DA[0-9]*,"))ok=1; # 12.2DD if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)DD[0-9]*,"))ok=1; # 12.2S if(egrep(string:os, pattern:"(12\.2\(([0-6][^0-9]|7.[0-3])\)|12\.2)S[0-9]*,"))ok=1; # 12.2T if(egrep(string:os, pattern:"(12\.2\([0-7]\)|12\.2)T[0-9]*,"))ok=1; # 12.2XA if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XA[0-9]*,"))ok=1; # 12.2XB if(egrep(string:os, pattern:"((12\.2\([0-1]\)|12\.2)XB[0-9]*|12\.2\(2\)XB[0-3]),"))ok=1; # 12.2XD if(egrep(string:os, pattern:"((12\.2\([0-0]\)|12\.2)XD[0-9]*|12\.2\(1\)XD[0-3]),"))ok=1; # 12.2XE if(egrep(string:os, pattern:"((12\.2\([0-0]\)|12\.2)XE[0-9]*|12\.2\(1\)XE[0-2]),"))ok=1; # 12.2XF if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XF[0-9]*,"))ok=1; # 12.2XG if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XG[0-9]*,"))ok=1; # 12.2XH if(egrep(string:os, pattern:"((12\.2\([0-1]\)|12\.2)XH[0-9]*|12\.2\(2\)XH[0-2]),"))ok=1; # 12.2XI if(egrep(string:os, pattern:"((12\.2\([0-1]\)|12\.2)XI[0-9]*|12\.2\(2\)XI[0-1]),"))ok=1; # 12.2XJ if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XJ[0-9]*,"))ok=1; # 12.2XK if(egrep(string:os, pattern:"((12\.2\([0-1]\)|12\.2)XK[0-9]*|12\.2\(2\)XK[0-2]),"))ok=1; # 12.2XL if(egrep(string:os, pattern:"((12\.2\([0-3]\)|12\.2)XL[0-9]*|12\.2\(4\)XL[0-4]),"))ok=1; # 12.2XM if(egrep(string:os, pattern:"((12\.2\([0-3]\)|12\.2)XM[0-9]*|12\.2\(4\)XM[0-3]),"))ok=1; # 12.2XN if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XN[0-9]*,"))ok=1; # 12.2XQ if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XQ[0-9]*,"))ok=1; # 12.2XR if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XR[0-9]*,"))ok=1; # 12.2XS if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XS[0-9]*,"))ok=1; # 12.2XT if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XT[0-9]*,"))ok=1; # 12.2XW if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XW[0-9]*,"))ok=1; # 12.2XW if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)XW[0-9]*,"))ok=1; # 12.2YA if(egrep(string:os, pattern:"((12\.2\([0-3]\)|12\.2)YA[0-9]*|12\.2\(4\)YA[0-1]),"))ok=1; # 12.2YB if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)YB[0-9]*,"))ok=1; # 12.2YC if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)YC[0-9]*,"))ok=1; # 12.2YD if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)YD[0-9]*,"))ok=1; # 12.2YF if(egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)YF[0-9]*,"))ok=1; # 12.2YG if(egrep(string:os, pattern:"(12\.2\([0-3]\)|12\.2)YG[0-9]*,"))ok=1; # 12.2YH if(egrep(string:os, pattern:"(12\.2\([0-3]\)|12\.2)YH[0-9]*,"))ok=1; #---------------------------------------------- if(ok)security_hole(port:161, proto:"udp");NASL family CISCO NASL id CISCO-SA-20020627-SSH-SCANHTTP.NASL description While fixing vulnerabilities mentioned in the Cisco Security Advisory cisco-sa-20010627-ssh, a new vulnerability was introduced in some products. When an attacker tries to exploit the vulnerability VU#945216 (described in the CERT/CC Vulnerability Note at http://www.kb.cert.org/vuls/id/945216) the SSH module will consume too much of the processor\ last seen 2019-10-28 modified 2010-09-01 plugin id 48967 published 2010-09-01 reporter This script is (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48967 title Scanning for SSH Can Cause a Crash - Cisco Systems code #TRUSTED 7f156c713e8324172ab71a2be2461466d14135ac628009dcf033b4fa208219f0cf1207542008af3d3d628f8e93caf41364a1cd97930b6eaaf0795d107e28ce0ac68f0f859d747870e9bb2087b3634d2bdf97ada93ec2aa1c3f90a6e6c0411f826acba8a52da143562c6d5118aa09ae08bdfc1ebb1d82607ab0a3e053a6eefd140b2aa6cb3b4de4b48a44516f59deca0ef7110fc0707b8799fb7b2a1c207a36b329409213251a7ce47a2e68d19672c4aea11a725c7c0b666a8c9bcc162c2b9d79c6e6dd8640b1720889b905a223db2190424e28620f86527859ff3188d60b947e310244d0a25ae75f59f38ffafe7f46ab0ed8885849d4ec5768e377a04e4b10684b22fe8f251ecd0d3ea6d215fb598037ff9fd5b2f33b29a87d5c5fe07283e699abaa811367701f609506cdafc11d10d71931618e8bf79d4e40a72ef7efd529ff38584b23f8c408080154cabd6929f94b08aabf451f11e2ea5dc7b52aaff05b108f0d85431477b61ead31ede4c92ba684be38114fa46cba8003e7f02afc939b32d1bac72db4474f796ae3792c0bf7e640f4e5ce99a5f8691a53bb8517c541748d281a72375093a21cd36fda457ab68b22b75b3ce8b3a78b75d65cbc33e3d1788467c218b3cf43c4bad3b4d94d2e448f897acdf0afce0458117a62c5bd9ca42b453fd6b02e2ed1a393003dd69d1eb1cbb2577b3791b4bf389b8daa1acf9f1e7a1a # # (C) Tenable Network Security, Inc. # # Security advisory is (C) CISCO, Inc. # See https://www.cisco.com/en/US/products/products_security_advisory09186a008009fafa.shtml if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(48967); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15"); script_cve_id("CVE-2002-1024"); script_bugtraq_id(5114); script_xref(name:"CERT", value:"290140"); script_xref(name:"CISCO-BUG-ID", value:"CSCdv85279"); script_xref(name:"CISCO-BUG-ID", value:"CSCdw29965"); script_xref(name:"CISCO-BUG-ID", value:"CSCdw33027"); script_xref(name:"CISCO-BUG-ID", value:"CSCdw59394"); script_xref(name:"CISCO-BUG-ID", value:"CSCdx59197"); script_xref(name:"CISCO-SA", value:"cisco-sa-20020627-ssh-scan"); script_name(english:"Scanning for SSH Can Cause a Crash - Cisco Systems"); script_summary(english:"Checks the IOS version."); script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: 'While fixing vulnerabilities mentioned in the Cisco Security Advisory cisco-sa-20010627-ssh, a new vulnerability was introduced in some products. When an attacker tries to exploit the vulnerability VU#945216 (described in the CERT/CC Vulnerability Note at http://www.kb.cert.org/vuls/id/945216) the SSH module will consume too much of the processor\'s time, effectively causing a DoS. In some cases the device will reboot. In order to be exposed SSH must be enabled on the device. It is possible to mitigate this vulnerability by preventing, or having control over, the SSH traffic.'); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020627-ssh-scan script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fab8dcf4"); # https://www.cisco.com/en/US/products/products_security_advisory09186a008009fafa.shtml script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?b9451893"); script_set_attribute(attribute:"solution", value: "Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20020627-ssh-scan."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/27"); script_set_attribute(attribute:"patch_publication_date", value:"2002/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("audit.inc"); include("cisco_func.inc"); include("cisco_kb_cmd_func.inc"); flag = 0; report_extra = ""; version = get_kb_item_or_exit("Host/Cisco/IOS/Version"); override = 0; # Affected: 12.0S if (check_release(version: version, patched: make_list("12.0(17)S4", "12.0(20.4)S", "12.0(21)S"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.0SP if (check_release(version: version, patched: make_list("12.0(20)SP2", "12.0(20.4)SP") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.0ST if (check_release(version: version, patched: make_list("12.0(17)ST5", "12.0(20.3)ST2"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.0XB if (deprecated_version(version, "12.0XB")) { report_extra = '\nUpdate to 12.1(1)T or later\n'; flag++; } # Affected: 12.0XM if (deprecated_version(version, "12.0XM")) { report_extra = '\nUpdate to 12.1(3)T or later\n'; flag++; } # Affected: 12.0XV if (deprecated_version(version, "12.0XV")) { report_extra = '\nUpdate to 12.1(2)T or later\n'; flag++; } # Affected: 12.1E if (check_release(version: version, patched: make_list("12.1(8b)E8", "12.1(10.5)E", "12.1(11b)E"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1EC if (check_release(version: version, patched: make_list("12.1(10.5)EC", "12.1(12c)EC"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1(1)EX if (version == '12.1(1)EX') { report_extra = '\nUpdate to 12.1(3)T or later\n'; flag++; } # Affected: 12.1(5c)EX if (version == '12.1(5c)EX') { report_extra = '\nUpdate to 12.1(6)EX or later\n'; flag++; } # Affected: 12.1(8a)EX if (version == '12.1(8a)EX') { report_extra = '\nUpdate to 12.1(11)E or later\n'; flag++; } # Affected: 12.1(9)EX if (version == '12.1(9)EX') { report_extra = '\nUpdate to 12.1(10)EX or later\n'; flag++; } # Affected: 12.1T if (deprecated_version(version, "12.1T")) { report_extra = '\nUpdate to 12.2(7) or later\n'; flag++; } # Affected: 12.1XB if (deprecated_version(version, "12.1XB")) { report_extra = '\nUpdate to 12.1(5)YB or later\n'; flag++; } # Affected: 12.1XC if (deprecated_version(version, "12.1XC")) { report_extra = '\nUpdate to 12.2(7) or later\n'; flag++; } # Affected: 12.1XF if (check_release(version: version, patched: make_list("12.1(2)XF6"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1XG if (check_release(version: version, patched: make_list("12.1(3)XG7"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1XH if (deprecated_version(version, "12.1XH")) { report_extra = '\nUpdate to 12.2(7) or later\n'; flag++; } # Affected: 12.1XI if (deprecated_version(version, "12.1XI")) { report_extra = '\nUpdate to 12.2(7) or later\n'; flag++; } # Affected: 12.1XJ if (deprecated_version(version, "12.1XJ")) { report_extra = '\nUpdate to 12.2(2)T or later\n'; flag++; } # Affected: 12.1XL if (deprecated_version(version, "12.1XL")) { report_extra = '\nUpdate to 12.2(7) or later\n'; flag++; } # Affected: 12.1XM if (check_release(version: version, patched: make_list("12.1(5)XM7"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1XP if (deprecated_version(version, "12.1XP")) { report_extra = '\nUpdate to 12.2(2)T or later\n'; flag++; } # Affected: 12.1XQ if (deprecated_version(version, "12.1XQ")) { report_extra = '\nUpdate to 12.2(2)XB or later\n'; flag++; } # Affected: 12.1XT if (deprecated_version(version, "12.1XT")) { report_extra = '\nUpdate to 12.2(2)T or later\n'; flag++; } # Affected: 12.1XU if (deprecated_version(version, "12.1XU")) { report_extra = '\nUpdate to 12.2(2)T or later\n'; flag++; } # Affected: 12.1YB if (check_release(version: version, patched: make_list("12.1(5)YB6"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1YC if (check_release(version: version, patched: make_list("12.1(5)YC3"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.1YD if (deprecated_version(version, "12.1YD")) { report_extra = '\nUpdate to 12.2(8)T or later\n'; flag++; } # Affected: 12.1YE if (deprecated_version(version, "12.1YE")) { report_extra = '\nUpdate to 12.1(5)YI or later\n'; flag++; } # Affected: 12.1YF if (deprecated_version(version, "12.1YF")) { report_extra = '\nUpdate to 12.2(2)XN or later\n'; flag++; } # Affected: 12.1YI if (deprecated_version(version, "12.1YI")) { report_extra = '\nUpdate to 12.2(2)YC or later\n'; flag++; } # Affected: 12.2 if (check_release(version: version, patched: make_list("12.2(6b)", "12.2(7.4)", "12.2(7)"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2B if (check_release(version: version, patched: make_list("12.2(4)B3", "12.2(7.6)B") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2BC if (check_release(version: version, patched: make_list("12.2(8)BC1") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2DA if (check_release(version: version, patched: make_list("12.2(6.8a)DA", "12.2(7)DA"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2DD if (deprecated_version(version, "12.2DD")) { report_extra = '\nUpdate to 12.2(4)B1 or later\n'; flag++; } # Affected: 12.2S if (check_release(version: version, patched: make_list("12.2(7.4)S") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2T if (check_release(version: version, patched: make_list("12.2(7.4)T", "12.2(8)T"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XA if (deprecated_version(version, "12.2XA")) { report_extra = '\nUpdate to 12.2(4)T or later\n'; flag++; } # Affected: 12.2XB if (check_release(version: version, patched: make_list("12.2(2)XB4") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XD if (check_release(version: version, patched: make_list("12.2(1)XD4"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XE if (check_release(version: version, patched: make_list("12.2(1)XE3"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XF if (deprecated_version(version, "12.2XF")) { report_extra = '\nUpdate to 12.2(4)BC1 or later\n'; flag++; } # Affected: 12.2XG if (deprecated_version(version, "12.2XG")) { report_extra = '\nUpdate to 12.2(8)T or later\n'; flag++; } # Affected: 12.2XH if (check_release(version: version, patched: make_list("12.2(2)XH3"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XI if (check_release(version: version, patched: make_list("12.2(2)XI2"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XJ if (deprecated_version(version, "12.2XJ")) { report_extra = '\nUpdate to 12.2(4)YB or later\n'; flag++; } # Affected: 12.2XK if (check_release(version: version, patched: make_list("12.2(2)XK3"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XL if (check_release(version: version, patched: make_list("12.2(4)XL5"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XM if (check_release(version: version, patched: make_list("12.2(4)XM4") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XN if (deprecated_version(version, "12.2XN")) { report_extra = '\nNo fix is available for 12.2XN releases. Upgrade to a supported version\n'; flag++; } # Affected: 12.2XQ if (deprecated_version(version, "12.2XQ")) { report_extra = '\nUpdate to 12.2(4)YB or later\n'; flag++; } # Affected: 12.2XR if (check_release(version: version, patched: make_list("12.2(4)XR") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2XS if (deprecated_version(version, "12.2XS")) { report_extra = '\nUpdate to 12.2(6) or later\n'; flag++; } # Affected: 12.2XT if (deprecated_version(version, "12.2XT")) { report_extra = '\nUpdate to 12.2(8)T or later\n'; flag++; } # Affected: 12.2XW if (deprecated_version(version, "12.2XW")) { report_extra = '\nUpdate to 12.2(4)YB or later\n'; flag++; } # Affected: 12.2YA if (check_release(version: version, patched: make_list("12.2(4)YA2") )) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2YB if (deprecated_version(version, "12.2YB")) { report_extra = '\nNo fix is available for 12.2YB releases. Upgrade to a supported version\n'; flag++; } # Affected: 12.2YC if (deprecated_version(version, "12.2YC")) { report_extra = '\nUpdate to 12.2(13)T or later\n'; flag++; } # Affected: 12.2YD if (deprecated_version(version, "12.2YD")) { report_extra = '\nUpdate to 12.2(8)B or later\n'; flag++; } # Affected: 12.2YF if (deprecated_version(version, "12.2YF")) { report_extra = '\nNo fix is available for 12.2YF releases. Upgrade to a supported version\n'; flag++; } # Affected: 12.2YG if (check_release(version: version, patched: make_list("12.2(4)YG"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } # Affected: 12.2YH if (check_release(version: version, patched: make_list("12.2(4)YH"))) { report_extra = '\nUpdate to ' + patch_update + ' or later\n'; flag++; } if (get_kb_item("Host/local_checks_enabled")) { if (flag) { flag = 0; buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_ssh", "show ip ssh"); if (check_cisco_result(buf)) { if (preg(pattern:"SSH\s+Enabled", multiline:TRUE, string:buf)) { flag = 1; } } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } } } if (flag) { security_hole(port:0, extra:report_extra + cisco_caveat(override)); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CISCO NASL id CSCDV85279.NASL description It is possible to make the remote CatOS crash when sending malformed SSH packets. This vulnerability is documented with the CISCO bug ID CSCdv85279 and CSCdw59394 last seen 2020-06-01 modified 2020-06-02 plugin id 11382 published 2003-03-14 reporter This script is (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11382 title Cisco Catalyst SSH Large Packet CPU Consumption DoS (CSCdv85279, CSCdw59394) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(11382); script_version("1.26"); script_cve_id("CVE-2002-1024"); script_bugtraq_id(5114); script_name(english:"Cisco Catalyst SSH Large Packet CPU Consumption DoS (CSCdv85279, CSCdw59394)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "It is possible to make the remote CatOS crash when sending malformed SSH packets. This vulnerability is documented with the CISCO bug ID CSCdv85279 and CSCdw59394" ); script_set_attribute(attribute:"solution", value: "http://www.nessus.org/u?7641e722" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/14"); script_cvs_date("Date: 2018/06/27 18:42:25"); script_set_attribute(attribute:"vuln_publication_date", value: "2002/06/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios"); script_end_attributes(); script_summary(english:"Uses SNMP to determine if a flaw is present"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"CISCO"); script_dependencie("snmp_sysDesc.nasl", "snmp_cisco_type.nasl"); script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model"); exit(0); } # The code starts here ok=0; os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0); hardware = get_kb_item("CISCO/model"); if(!hardware)exit(0); # Check for the required hardware... #---------------------------------------------------------------- # catalyst6.* if(ereg(string:hardware, pattern:"^catalyst6.*$"))ok=1; if(!ok)exit(0); ok = 0; # Check for the required operating system... #---------------------------------------------------------------- # Is this CatOS ? if(!egrep(pattern:".*Cisco Catalyst Operating System.*", string:os))exit(0); # 6.3 if(egrep(string:os, pattern:"(6\.3\(([0-2][^0-9]|3.[0-5])\)|6\.3),"))ok=1; # 7.1 if(egrep(string:os, pattern:"(7\.1\(([0-1][^0-9]|0.([0-9]|[1-8][0-9]|9[0-3]))\)|7\.1),"))ok=1; # 7.2 if(egrep(string:os, pattern:"(7\.2\(([0-1][^0-9]|0.([0-9]|1[0-3]))\)|7\.2),"))ok=1; #---------------------------------------------- if(ok)security_hole(port:161, proto:"udp");