Vulnerabilities > CVE-2008-3812 - Unspecified vulnerability in Cisco IOS

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
cisco
nessus

Summary

Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20080924-IOSFWHTTP.NASL
description: Cisco IOS software configured for IOS firewall Application Inspection Control (AIC) with an HTTP configured, application-specific policy is vulnerable to a denial of service when processing a specific, malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device. Cisco has released free software updates that address this vulnerability. A mitigation for this vulnerability is available. See the 'Workarounds' section for details.
last seen: 2020-03-17
modified: 2010-09-01
plugin id: 49018
published: 2010-09-01
reporter: This script is (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/49018
title: Cisco IOS Software Firewall Application Inspection Control Vulnerability
code
#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#
# Security advisory is (C) CISCO, Inc.
# See https://www.cisco.com/en/US/products/products_security_advisory09186a0080a01545.shtml

include("compat.inc");

# Registration pass: when the scanner loads the plugin with 'description'
# set, only the metadata below is recorded and the exit(0) at the end of
# the block returns before any detection logic runs.
if (description)
{
 script_id(49018);
 script_version("1.22");
 script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

 # Identifiers that tie a finding back to the CVE, the Bugtraq entry and
 # Cisco's own bug and advisory numbers.
 script_cve_id("CVE-2008-3812");
 script_bugtraq_id(31354);
 script_xref(name:"CISCO-BUG-ID", value:"CSCsh12480");
 script_xref(name:"CISCO-SA", value:"cisco-sa-20080924-iosfw");

 script_name(english:"Cisco IOS Software Firewall Application Inspection Control Vulnerability");
 # The summary mentions only the version check; the detection code after
 # this block also inspects the zone-pair policy map when local checks
 # are enabled.
 script_summary(english:"Checks IOS version");

 script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
 script_set_attribute(attribute:"description", value:
"Cisco IOS software configured for IOS firewall Application Inspection
Control (AIC) with a HTTP configured, application-specific policy are
vulnerable to a denial of service when processing a specific, malformed
HTTP transit packet.  Successful exploitation of the vulnerability may
result in a reload of the affected device.

Cisco has released free software updates that address this
vulnerability.

A mitigation for this vulnerability is available. See the 'Workarounds'
section for details.");
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1bf1ebf");
 # https://www.cisco.com/en/US/products/products_security_advisory09186a0080a01545.shtml
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e551fd3");
 script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20080924-iosfw.");
 # CVSS v2 base vector: reachable over the network, no authentication,
 # availability-only impact (A:C), i.e. a denial of service.
 # NOTE(review): this vector uses AC:L, while the CVSS summary shown with
 # this listing rates attack complexity MEDIUM; confirm which source the
 # reported score is meant to follow.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
 # Temporal vector: exploitability unproven (E:U), official fix available
 # (RL:OF), report confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # CWE-20: improper input validation.
 script_cwe_id(20);

 script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/24");
 script_set_attribute(attribute:"patch_publication_date", value:"2008/09/24");
 script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/01");

 # Declared as a 'local' check: the detection code works from data already
 # collected from the device (knowledge-base keys and a show command)
 # rather than by sending traffic through it.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
 script_end_attributes();

 # Information-gathering category: nothing in this plugin sends the
 # malformed HTTP packet or otherwise tries to trigger the reload.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc.");
 script_family(english:"CISCO");

 # Scheduled after cisco_ios_version.nasl, and only for hosts where that
 # plugin stored an IOS version in the knowledge base.
 script_dependencie("cisco_ios_version.nasl");
 script_require_keys("Host/Cisco/IOS/Version");
 exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# Script-wide state:
#   flag     - non-zero while the host is still a candidate finding
#   override - set later in the script when the device configuration could
#              not be read and the verdict rests on the version alone
override = 0;
flag = 0;

# IOS version string stored by an earlier plugin; the script stops here
# when the key is missing.
version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

# Releases this plugin treats as affected. Matching is an exact string
# comparison, so a release that is not spelled exactly as one of these
# entries is never flagged, whatever its relation to the listed trains.
affected_releases = make_list(
  '12.4(11)XW',
  '12.4(11)XV1',
  '12.4(11)XV',
  '12.4(14)XK',
  '12.4(11)XJ4',
  '12.4(11)XJ3',
  '12.4(11)XJ2',
  '12.4(11)XJ',
  '12.4(6)XE3',
  '12.4(6)XE2',
  '12.4(6)XE1',
  '12.4(6)XE',
  '12.4(11)T3',
  '12.4(11)T2',
  '12.4(11)T1',
  '12.4(11)T',
  '12.4(9)T6',
  '12.4(9)T5',
  '12.4(9)T4',
  '12.4(9)T3',
  '12.4(9)T2',
  '12.4(9)T1',
  '12.4(9)T'
);

foreach affected_release (affected_releases)
{
  if (version == affected_release)
  {
    # At most one entry can match, so stop at the first hit.
    flag++;
    break;
  }
}

# Configuration check, run only for a version match on a host where local
# checks are enabled. Without local checks this step is skipped and the
# version match alone decides the result, with no caveat attached.
if (get_kb_item("Host/local_checks_enabled") && flag)
{
  # Drop the version-only verdict; it is restored below only on evidence
  # from the device itself.
  flag = 0;
  buf = cisco_command_kb_item("Host/Cisco/Config/show_policy-map_type_inspect_zone-pair", "show policy-map type inspect zone-pair");

  if (!check_cisco_result(buf))
  {
    # The output was not usable. If that is because enable privileges were
    # missing, keep the finding and mark it as unverified. Any other failure
    # leaves flag at 0, so the host is reported as not affected.
    # NOTE(review): that last case could hide an affected device; confirm
    # what check_cisco_result() rejects.
    if (cisco_needs_enable(buf))
    {
      flag = 1;
      override = 1;
    }
  }
  else if (preg(pattern:"Policy: http layer7-policymap", multiline:TRUE, string:buf))
  {
    # An HTTP layer-7 policy map appears in the zone-pair output, which is
    # the configuration the advisory describes as exposed.
    flag = 1;
  }
}

# Final verdict. A cleared flag ends the run with a "host not affected"
# audit message; otherwise a high-severity finding is raised against the
# host as a whole (port 0).
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  # cisco_caveat() comes from an include that is not shown here; presumably
  # it adds a note to the report when override is set, i.e. when the
  # configuration could not be verified.
  security_hole(port:0, extra:cisco_caveat(override));
  exit(0);
}

Oval

accepted: 2008-12-22T04:00:06.651-05:00
class: vulnerability
contributors:
name: Yuzheng Zhou
organization: Hewlett-Packard
description: Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet.
family: ios
id: oval:org.mitre.oval:def:5302
status: accepted
submitted: 2008-09-24T11:06:36.000-04:00
title: Cisco IOS Firewall Application Inspection Control Vulnerability
version: 5

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 31354 CVE ID: CVE-2008-3812 CNCVE ID: CNCVE-20083812 防火墙是针对组织中网络资产进行访问控制的网络设备,防火墙一般放置在网络入口处,Cisco IOS软件提供一系列安全功能可提供用户配置简单或详细的防火墙策略。 HTTP默认使用80端口对Internet WEB服务进行传送,其由于在网络上的通用性,很少针对其合法性和标准一致性进行挑战,由于80通信一般在网络上都允许而不存在挑战,因此很多应用程序开发者借助HTTP通信作为替代的传送协议允许它们的应用程序通信通过或甚至绕过防火墙设置。当Cisco IOS防火墙配置了HTTP AIC时,可通过对报文执行检测来判断HTTP连接是否在当前安全策略配置中允许,也判断用户是否通过80端口进行隧道化处理。如果报文不顺从HTTP协议标准,报文将被丢弃,连接被重置,并生成syslog消息。 使用HTTP特定应用策略的IOS firewall AIC处理特定的畸形HTTP传送报文时存在问题,成功利用此漏洞可导致受影响设备重置。 由于HTTP运行在TCP上,要利用此漏洞,恶意通信必须在客户端和服务器端成功完成TCP三次握手之后提交。 此漏洞的Cisco bug ID为CSCsh12480,CVE ID为CVE-2008-3812。 Cisco IOS 12.4XW Cisco IOS 12.4XV Cisco IOS 12.4XK Cisco IOS 12.4XJ Cisco IOS 12.4XE Cisco IOS 12.4(4)T 可参考如下安全公告获得补丁信息: http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
id: SSV:4112
last seen: 2017-11-19
modified: 2008-09-26
published: 2008-09-26
reporter: Root
title: Cisco IOS AIC HTTP传送报文远程拒绝服务漏洞