Vulnerabilities > CVE-2011-0395 - Resource Management Errors vulnerability in Cisco products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
CWE-399
nessus
NVD
Published: 2011-02-25
Updated: 2024-11-21

Summary

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.20), 8.1 before 8.1(2.48), 8.2 before 8.2(3), and 8.3 before 8.3(2.1), when the RIP protocol and the Cisco Phone Proxy functionality are configured, allow remote attackers to cause a denial of service (device reload) via a RIP update, aka Bug ID CSCtg66583.

Vulnerable Configurations

Part Description Count
OS
Cisco
12
Hardware
Cisco
15

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20110223-ASA.NASL
descriptionThe remote Cisco ASA device is missing a security patch and may be affected by the following issues : - When configured for transparent firewall mode, a packet buffer exhaustion vulnerability could cause the appliance to stop forwarding traffic. (CVE-2011-0393) - When SCCP inspection is enabled, a malformed SCCP message could cause the appliance to reload. (CVE-2011-0394) - If both RIP and the Cisco Phone Proxy feature are enabled, the appliance may reload when processing valid RIP updates. (CVE-2011-0395) - When the appliance is configured as a local CA server, unauthorized users can obtain sensitive data without providing authentication. (CVE-2011-0396)
last seen2020-06-01
modified2020-06-02
plugin id52586
published2011-03-09
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/52586
titleCisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20110223-asa)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
  script_id(52586);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/15 20:50:20");
 
  script_cve_id("CVE-2011-0393", "CVE-2011-0394", "CVE-2011-0395", "CVE-2011-0396");
  script_bugtraq_id(46518, 46524);
  script_xref(name:"CISCO-BUG-ID", value:"CSCtg66583");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtg69457");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtj04707");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtk12352");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20110223-asa");

  script_name(english:"Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20110223-asa)");
  script_summary(english:"Checks the version of the remote ASA.");
 
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote security device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Cisco ASA device is missing a security patch and may be
affected by the following issues :

  - When configured for transparent firewall mode, a packet
    buffer exhaustion vulnerability could cause the appliance
    to stop forwarding traffic. (CVE-2011-0393)

  - When SCCP inspection is enabled, a malformed SCCP
    message could cause the appliance to reload.
    (CVE-2011-0394)

  - If both RIP and the Cisco Phone Proxy feature are enabled,
    the appliance may reload when processing valid
    RIP updates. (CVE-2011-0395)

  - When the appliance is configured as a local CA server,
    unauthorized users can obtain sensitive data without
    providing authentication. (CVE-2011-0396)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?40e645f7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7d46864f"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Apply the appropriate patch (see plugin output)."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vuln_publication_date",value:"2011/02/23");
  script_set_attribute(attribute:"patch_publication_date",value:"2011/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/09");
  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/h:cisco:asa_5500");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:cisco:adaptive_security_appliance_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");
 
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Cisco/ASA", "Host/Cisco/ASA/model");
  exit(0);
}


include("cisco_func.inc");
include("audit.inc");

asa = get_kb_item_or_exit('Host/Cisco/ASA');
model = get_kb_item_or_exit('Host/Cisco/ASA/model');
ver = extract_asa_version(asa);
if (isnull(ver)) audit(AUDIT_FN_FAIL, 'extract_asa_version');

if (model !~ '^55[0-9][0-9]')
  audit(AUDIT_HOST_NOT, 'ASA 5500');

# first check 7.1 (the recommendation is to migrate to 7.2 and upgrade)
if (ver =~ '^7\\.1($|[^0-9])')
{
  report =
    '\n  Installed release : ' + ver +
    '\n  Fixed release     : 7.2(5.2)\n';
  security_hole(port:0, extra:report);
  exit(0);
}

# compare the ASA version versus all recommended releases.  The
# comparison is only made if the major versions match up
recommended_releases = make_list('7.0(8.12)', '7.2(5.2)', '8.0(5.23)', '8.1(2.49)', '8.2(4.1)', '8.3(2.13)', '8.4(1)');
foreach patch (recommended_releases)
{
  if (check_asa_release(version:ver, patched:patch))
  {
    report =
      '\n  Installed release : ' + ver +
      '\n  Fixed release     : ' + patch + '\n';
    security_hole(port:0, extra:report);
    exit(0);
  }
}

audit(AUDIT_INST_VER_NOT_VULN, 'ASA', ver);

References