Vulnerabilities > CVE-2013-6692 - Resource Management Errors vulnerability in Cisco IOS XE

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cisco

CWE-399

nessus

NVD

Published: 2013-11-22

Updated: 2013-11-22

Summary

Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XE 3.8.0S Cisco IOS XE 3.7.1S Cisco IOS XE - Cisco IOS XE 2.1.0 Cisco IOS XE 2.1.1 Cisco IOS XE 2.1.2 Cisco IOS XE 2.1.3 Cisco IOS XE 2.2.0 Cisco IOS XE 2.2.1 Cisco IOS XE 2.2.2 Cisco IOS XE 2.2.3 Cisco IOS XE 2.3.0 Cisco IOS XE 2.3.0T Cisco IOS XE 2.3.1 Cisco IOS XE 2.3.1T Cisco IOS XE 2.3.2 Cisco IOS XE 2.4.0 Cisco IOS XE 2.4.1 Cisco IOS XE 2.4.2 Cisco IOS XE 2.4.3 Cisco IOS XE 2.4.4 Cisco IOS XE 2.5\(.0\) Cisco IOS XE 2.5.0 Cisco IOS XE 2.5.1 Cisco IOS XE 2.5.2 Cisco IOS XE 2.6\(.0\) Cisco IOS XE 2.6\(.1\) Cisco IOS XE 2.6\(.2\) Cisco IOS XE 2.6.0 Cisco IOS XE 2.6.1 Cisco IOS XE 2.6.2 Cisco IOS XE 2.6.2A Cisco IOS XE 3.0.Xe Cisco IOS XE 3.1.0 Cisco IOS XE 3.1.0S Cisco IOS XE 3.1.0Sg Cisco IOS XE 3.1.1S Cisco IOS XE 3.1.1Sg Cisco IOS XE 3.1.2S Cisco IOS XE 3.1.3As Cisco IOS XE 3.1.3S Cisco IOS XE 3.1.4S Cisco IOS XE 3.1.5S Cisco IOS XE 3.1.6S Cisco IOS XE 3.1S Cisco IOS XE 3.1S\(.0\) Cisco IOS XE 3.1S\(.1\) Cisco IOS XE 3.1S\(.2\) Cisco IOS XE 3.1S\(.3\) Cisco IOS XE 3.1S.0 Cisco IOS XE 3.1S.1 Cisco IOS XE 3.1S.2 Cisco IOS XE 3.1S.3 Cisco IOS XE 3.1S.4 Cisco IOS XE 3.1S.4A Cisco IOS XE 3.1S.5 Cisco IOS XE 3.1S.6 Cisco IOS XE 3.1Sg Cisco IOS XE 3.1Sg.0 Cisco IOS XE 3.1Sg.1 Cisco IOS XE 3.2.00.Xo.15.0\(2\)Xo Cisco IOS XE 3.2.0Ja Cisco IOS XE 3.2.0S Cisco IOS XE 3.2.0Se Cisco IOS XE 3.2.0Sg Cisco IOS XE 3.2.0Xo Cisco IOS XE 3.2.1S Cisco IOS XE 3.2.1Se Cisco IOS XE 3.2.1Sg Cisco IOS XE 3.2.1Xo Cisco IOS XE 3.2.2S Cisco IOS XE 3.2.2Se Cisco IOS XE 3.2.2Sg Cisco IOS XE 3.2.3S Cisco IOS XE 3.2.3Se Cisco IOS XE 3.2.3Sg Cisco IOS XE 3.2.4Sg Cisco IOS XE 3.2.5Sg Cisco IOS XE 3.2.6Sg Cisco IOS XE 3.2.7Sg Cisco IOS XE 3.2.8Sg Cisco IOS XE 3.2.9Sg Cisco IOS XE 3.2.10Sg Cisco IOS XE 3.2.11Sg Cisco IOS XE 3.2.Xse Cisco IOS XE 3.2Ja Cisco IOS XE 3.2Ja_3.2.0Ja Cisco IOS XE 3.2S Cisco IOS XE 3.2S\(.0\) Cisco IOS XE 3.2S\(.1\) Cisco IOS XE 3.2S\(.2\) Cisco IOS XE 3.2S.0 Cisco IOS XE 3.2S.1 Cisco IOS XE 3.2S.2 Cisco IOS XE 3.2S.3 Cisco IOS XE 3.2Se Cisco IOS XE 3.2Se.0 Cisco IOS XE 3.2Se.1 Cisco IOS XE 3.2Se.2 Cisco IOS XE 3.2Se.3 Cisco IOS XE 3.2Se_3.2.0Se Cisco IOS XE 3.2Se_3.2.1Se Cisco IOS XE 3.2Se_3.2.2Se Cisco IOS XE 3.2Se_3.2.3Se Cisco IOS XE 3.2Sg Cisco IOS XE 3.2Sg.0 Cisco IOS XE 3.2Sg.1 Cisco IOS XE 3.2Sg.2 Cisco IOS XE 3.2Sg.3 Cisco IOS XE 3.2Sg.4 Cisco IOS XE 3.2Sg.5 Cisco IOS XE 3.2Sg.6 Cisco IOS XE 3.2Sg.7 Cisco IOS XE 3.2Sg.8 Cisco IOS XE 3.2Sg.9 Cisco IOS XE 3.2Xo Cisco IOS XE 3.2Xo.0 Cisco IOS XE 3.2Xo.1 Cisco IOS XE 3.3.0S Cisco IOS XE 3.3.0Se Cisco IOS XE 3.3.0Sg Cisco IOS XE 3.3.0Sq Cisco IOS XE 3.3.0Xo Cisco IOS XE 3.3.1S Cisco IOS XE 3.3.1Se Cisco IOS XE 3.3.1Sg Cisco IOS XE 3.3.1Sq Cisco IOS XE 3.3.1Xo Cisco IOS XE 3.3.2S Cisco IOS XE 3.3.2Se Cisco IOS XE 3.3.2Sg Cisco IOS XE 3.3.2Xo Cisco IOS XE 3.3.3S Cisco IOS XE 3.3.3Se Cisco IOS XE 3.3.4Se Cisco IOS XE 3.3.5Se Cisco IOS XE 3.3.Xse Cisco IOS XE 3.3S Cisco IOS XE 3.3S\(.0\) Cisco IOS XE 3.3S\(.1\) Cisco IOS XE 3.3S\(.2\) Cisco IOS XE 3.3S.0 Cisco IOS XE 3.3S.1 Cisco IOS XE 3.3S.2 Cisco IOS XE 3.3S_3.3.0S Cisco IOS XE 3.3S_3.3.1S Cisco IOS XE 3.3S_3.3.2S Cisco IOS XE 3.3Se Cisco IOS XE 3.3Se_3.3.0Se Cisco IOS XE 3.3Se_3.3.1Se Cisco IOS XE 3.3Se_3.3.2Se Cisco IOS XE 3.3Se_3.3.3Se Cisco IOS XE 3.3Se_3.3.4Se Cisco IOS XE 3.3Se_3.3.5Se Cisco IOS XE 3.3Sg Cisco IOS XE 3.3Sg.0 Cisco IOS XE 3.3Sg.1 Cisco IOS XE 3.3Sg.2 Cisco IOS XE 3.3Sg_3.3.0Sg Cisco IOS XE 3.3Sg_3.3.1Sg Cisco IOS XE 3.3Sg_3.3.2Sg Cisco IOS XE 3.3Sq Cisco IOS XE 3.3Sq.0 Cisco IOS XE 3.3Sq.1 Cisco IOS XE 3.3Xo Cisco IOS XE 3.3Xo.0 Cisco IOS XE 3.3Xo.1 Cisco IOS XE 3.3Xo.2 Cisco IOS XE 3.3Xo_3.3.0Xo Cisco IOS XE 3.3Xo_3.3.1Xo Cisco IOS XE 3.3Xo_3.3.2Xo Cisco IOS XE 3.4.0As Cisco IOS XE 3.4.0S Cisco IOS XE 3.4.0Sg Cisco IOS XE 3.4.0Sq Cisco IOS XE 3.4.1S Cisco IOS XE 3.4.1Sg Cisco IOS XE 3.4.1Sq Cisco IOS XE 3.4.2S Cisco IOS XE 3.4.2Sg Cisco IOS XE 3.4.3S Cisco IOS XE 3.4.3Sg Cisco IOS XE 3.4.4S Cisco IOS XE 3.4.4Sg Cisco IOS XE 3.4.5S Cisco IOS XE 3.4.5Sg Cisco IOS XE 3.4.6S Cisco IOS XE 3.4.6Sg Cisco IOS XE 3.4.7Asg Cisco IOS XE 3.4.7Sg Cisco IOS XE 3.4.8Sg Cisco IOS XE 3.4.9Sg Cisco IOS XE 3.4.Xs Cisco IOS XE 3.4S Cisco IOS XE 3.4S\(.0\) Cisco IOS XE 3.4S\(.1\) Cisco IOS XE 3.4S\(.2\) Cisco IOS XE 3.4S\(.3\) Cisco IOS XE 3.4S\(.4\) Cisco IOS XE 3.4S\(.5\) Cisco IOS XE 3.4S\(.6\) Cisco IOS XE 3.4S.0 Cisco IOS XE 3.4S.0A Cisco IOS XE 3.4S.1 Cisco IOS XE 3.4S.2 Cisco IOS XE 3.4S.3 Cisco IOS XE 3.4S.4 Cisco IOS XE 3.4S.5 Cisco IOS XE 3.4S.6 Cisco IOS XE 3.4S_3.4.0As Cisco IOS XE 3.4S_3.4.0S Cisco IOS XE 3.4S_3.4.1S Cisco IOS XE 3.4S_3.4.2S Cisco IOS XE 3.4S_3.4.3S Cisco IOS XE 3.4S_3.4.4S Cisco IOS XE 3.4S_3.4.5S Cisco IOS XE 3.4S_3.4.6S Cisco IOS XE 3.4Sg Cisco IOS XE 3.4Sg.0 Cisco IOS XE 3.4Sg.1 Cisco IOS XE 3.4Sg.2 Cisco IOS XE 3.4Sg.3 Cisco IOS XE 3.4Sg.4 Cisco IOS XE 3.4Sg.5 Cisco IOS XE 3.4Sg_3.4.0Sg Cisco IOS XE 3.4Sg_3.4.1Sg Cisco IOS XE 3.4Sg_3.4.2Sg Cisco IOS XE 3.4Sg_3.4.3Sg Cisco IOS XE 3.4Sg_3.4.4Sg Cisco IOS XE 3.4Sg_3.4.5Sg Cisco IOS XE 3.4Sg_3.4.6Sg Cisco IOS XE 3.4Sg_3.4.7Sg Cisco IOS XE 3.4Sq Cisco IOS XE 3.4Sq.0 Cisco IOS XE 3.4Sq.1 Cisco IOS XE 3.5.0E Cisco IOS XE 3.5.0S Cisco IOS XE 3.5.0Sq Cisco IOS XE 3.5.1E Cisco IOS XE 3.5.1S Cisco IOS XE 3.5.1Sq Cisco IOS XE 3.5.2E Cisco IOS XE 3.5.2S Cisco IOS XE 3.5.2Sq Cisco IOS XE 3.5.3E Cisco IOS XE 3.5.3Sq Cisco IOS XE 3.5.4Sq Cisco IOS XE 3.5.5Sq Cisco IOS XE 3.5.6Sq Cisco IOS XE 3.5.7Sq Cisco IOS XE 3.5.8Sq Cisco IOS XE 3.5.Xs Cisco IOS XE 3.5E Cisco IOS XE 3.5E.0 Cisco IOS XE 3.5E.1 Cisco IOS XE 3.5E.2 Cisco IOS XE 3.5E.3 Cisco IOS XE 3.5E_3.5.0E Cisco IOS XE 3.5E_3.5.1E Cisco IOS XE 3.5E_3.5.2E Cisco IOS XE 3.5E_3.5.3E Cisco IOS XE 3.5S Cisco IOS XE 3.5S\(.0\) Cisco IOS XE 3.5S\(.1\) Cisco IOS XE 3.5S\(.2\) Cisco IOS XE 3.5S.0 Cisco IOS XE 3.5S.1 Cisco IOS XE 3.5S.2 Cisco IOS XE 3.5S_3.5.0S Cisco IOS XE 3.5S_3.5.1S Cisco IOS XE 3.5S_3.5.2S Cisco IOS XE 3.5S_Base Cisco IOS XE 3.5Sq Cisco IOS XE 3.6\(2\)E Cisco IOS XE 3.6\(5\) Cisco IOS XE 3.6.0Ae Cisco IOS XE 3.6.0Be Cisco IOS XE 3.6.0E Cisco IOS XE 3.6.0S Cisco IOS XE 3.6.1E Cisco IOS XE 3.6.1S Cisco IOS XE 3.6.2Ae Cisco IOS XE 3.6.2E Cisco IOS XE 3.6.2S Cisco IOS XE 3.6.3E Cisco IOS XE 3.6.4E Cisco IOS XE 3.6.5Ae Cisco IOS XE 3.6.5Be Cisco IOS XE 3.6.5E Cisco IOS XE 3.6.6E Cisco IOS XE 3.6.7Ae Cisco IOS XE 3.6.7Be Cisco IOS XE 3.6.7E Cisco IOS XE 3.6.8E Cisco IOS XE 3.6.9Ae Cisco IOS XE 3.6.9E Cisco IOS XE 3.6.10Ae Cisco IOS XE 3.6.10E Cisco IOS XE 3.6.Xe Cisco IOS XE 3.6E Cisco IOS XE 3.6E.0 Cisco IOS XE 3.6E.1 Cisco IOS XE 3.6E_3.6.0E Cisco IOS XE 3.6E_3.6.1E Cisco IOS XE 3.6E_3.6.2Ae Cisco IOS XE 3.6E_3.6.2E Cisco IOS XE 3.6E_3.6.3E Cisco IOS XE 3.6S Cisco IOS XE 3.6S\(.0\) Cisco IOS XE 3.6S\(.1\) Cisco IOS XE 3.6S\(.2\) Cisco IOS XE 3.6S.0 Cisco IOS XE 3.6S.1 Cisco IOS XE 3.6S.2 Cisco IOS XE 3.6S_3.6.0S Cisco IOS XE 3.6S_3.6.1S Cisco IOS XE 3.6S_3.6.2S Cisco IOS XE 3.6S_Base Cisco IOS XE 3.7\(0\)S Cisco IOS XE 3.7.0Bs Cisco IOS XE 3.7.0E Cisco IOS XE 3.7.0S Cisco IOS XE 3.7.0Xas Cisco IOS XE 3.7.0Xbs Cisco IOS XE 3.7.1As Cisco IOS XE 3.7.1E Cisco IOS XE 3.7.2E Cisco IOS XE 3.7.2S Cisco IOS XE 3.7.2Ts Cisco IOS XE 3.7.3E Cisco IOS XE 3.7.3S Cisco IOS XE 3.7.4As Cisco IOS XE 3.7.4E Cisco IOS XE 3.7.4S Cisco IOS XE 3.7.5E Cisco IOS XE 3.7.5S Cisco IOS XE 3.7.6S Cisco IOS XE 3.7.7S Cisco IOS XE 3.7.8S Cisco IOS XE 3.7.Xe Cisco IOS XE 3.7E Cisco IOS XE 3.7E.0 Cisco IOS XE 3.7E_3.7.0E Cisco IOS XE 3.7E_3.7.1E Cisco IOS XE 3.7E_3.7.2E Cisco IOS XE 3.7E_3.7.3E Cisco IOS XE 3.7S Cisco IOS XE 3.7S\(.0\) Cisco IOS XE 3.7S\(.1\) Cisco IOS XE 3.7S.0 Cisco IOS XE 3.7S.1 Cisco IOS XE 3.7S.2 Cisco IOS XE 3.7S.3 Cisco IOS XE 3.7S.4 Cisco IOS XE 3.7S.5 Cisco IOS XE 3.7S.6 Cisco IOS XE 3.7S.7 Cisco IOS XE 3.7S_3.7.0S Cisco IOS XE 3.7S_3.7.1S Cisco IOS XE 3.7S_3.7.2S Cisco IOS XE 3.7S_3.7.2Ts Cisco IOS XE 3.7S_3.7.3S Cisco IOS XE 3.7S_3.7.4As Cisco IOS XE 3.7S_3.7.4S Cisco IOS XE 3.7S_3.7.5S Cisco IOS XE 3.7S_3.7.6S Cisco IOS XE 3.7S_3.7.7S Cisco IOS XE 3.7S_Base Cisco IOS XE 3.8.0E Cisco IOS XE 3.8.0Ex Cisco IOS XE 3.8.1E Cisco IOS XE 3.8.1S Cisco IOS XE 3.8.2E Cisco IOS XE 3.8.2S Cisco IOS XE 3.8.3E Cisco IOS XE 3.8.4E Cisco IOS XE 3.8.5Ae Cisco IOS XE 3.8.5E Cisco IOS XE 3.8.6E Cisco IOS XE 3.8.7E Cisco IOS XE 3.8.8E Cisco IOS XE 3.8.9E Cisco IOS XE 3.8.10Ce Cisco IOS XE 3.8.10E Cisco IOS XE 3.8.10Ee Cisco IOS XE 3.8.Xe Cisco IOS XE 3.8E Cisco IOS XE 3.8E_3.8.0E Cisco IOS XE 3.8E_3.8.1E Cisco IOS XE 3.8Ex Cisco IOS XE 3.8S Cisco IOS XE 3.8S\(.0\) Cisco IOS XE 3.8S\(.1\) Cisco IOS XE 3.8S\(.2\)	394

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SN-CSCUH04949-IOSXE.NASL
description	According to its self-reported version, the remote IOS device is affected by a denial of service vulnerability. A denial of service flaw exists in the DHCP function when handling AAA client IP address assignment. An authenticated attacker, with a specially crafted AAA packet, could cause the device to reboot.
last seen	2019-10-28
modified	2014-07-29
plugin id	76882
published	2014-07-29
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/76882
title	Cisco IOS XE DHCP AAA Clients DoS (CSCuh04949)
code	#TRUSTED 30fd0eacaa475acc16518c5ba5111e25f2312f7cb8b929a6ab96b0d70355d9475663ee8a7e555c213a57e0876dc58b595479cd4a49e02434ca4e771a363dc71474a9fbe8840c619e5f9e082bbee134039099f02b552d970f113a5d0e6e32f97ba995737ef16cd95230ff71a9981679ea1ab96c87a9589df5db7f6fbe07fc5f45bb6b93e3f86d4aa66e387195fadb72a9fb02cc1ce0b9fb7be36bb2dbab905f327c48fc92079a02493b92b222f931029165d2a2eea72dcf780a4c868fa8de32da3f794c2bbcd232361be17af25de0d7a58914d8733600ad256dae2ab96cf0c0a493b1a894feb4e44c95207f5f3dd0ea6fddcf72af99ec29915a274ec73073a00e86a9cb685c45a84dc82cef8a045366414886659cde6ebea8961d8ece1e3c9eb9742b98452e9faa04b9beb9bfcfba12a0031a5c3d8f546ac58d6da8b9dc25cac2d12050e3496cbcd40ece8e4389fc73714e2d5be0049f970544cc339f9a6e233dca1e392f251454fe5293525dc3e81795f40c51ffd7cc223ad84d2932e104918b2fc963210429fb2601c1729a2ea38f681da73a18abcc6ee8357c91b31b483760f677a48e03c250c70e75c232e509d6c91162fa3998a46c7c1aca6c6644c351ddd3b4776b9b412c10d31569af462e2f38005c103d47129d7759c954c390f9134f6abcc1db510b94f11fa8411f5220fb5f5b6bf5a6aad84efe3d3be0116dbd6ef7 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76882); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15"); script_cve_id("CVE-2013-6692"); script_bugtraq_id(63855); script_xref(name:"CISCO-BUG-ID", value:"CSCuh04949"); script_name(english:"Cisco IOS XE DHCP AAA Clients DoS (CSCuh04949)"); script_summary(english:"Checks IOS XE version"); script_set_attribute(attribute:"synopsis", value:"The remote device is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the remote IOS device is affected by a denial of service vulnerability. A denial of service flaw exists in the DHCP function when handling AAA client IP address assignment. An authenticated attacker, with a specially crafted AAA packet, could cause the device to reboot."); script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=31860"); # https://tools.cisco.com/security/center/viewAlert.x?alertId=31860 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e08811a4"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCuh04949."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("cisco_ios_xe_version.nasl"); script_require_keys("Host/Cisco/IOS-XE/Version"); exit(0); } include("audit.inc"); include("cisco_func.inc"); include("cisco_kb_cmd_func.inc"); version = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version"); flag = 0; override = 0; if (version == '3.7.0S') flag++; if (version == '3.7.1S') flag++; if (version == '3.7.2S') flag++; if (version == '3.7.3S') flag++; if (version == '3.8.0S') flag++; if (version == '3.8.1S') flag++; if (version == '3.8.2S') flag++; if (get_kb_item("Host/local_checks_enabled")) { if (flag > 0) { flag = 0; buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config"); if (check_cisco_result(buf)) { if (preg(pattern:"aaa", multiline:TRUE, string:buf)) { flag = 1; } } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } } } if (flag > 0) { if (report_verbosity > 0) { report = '\n Cisco Bug ID : CSCuh04949' + '\n Installed release : ' + version; security_warning(port:0, extra:report + cisco_caveat(override)); } else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References