Vulnerabilities > CVE-2014-2139 - Denial of Service vulnerability in Cisco ONS 15454 System Software and ONS 15454

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
cisco
nessus
NVD
Published: 2014-04-12
Updated: 2014-04-14

Summary

Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315.

Vulnerable Configurations

Part Description Count
OS
Cisco
8
Hardware
Cisco
1

Nessus

NASL familyCISCO
NASL idCISCO-SN-CSCUG97315-ONS.NASL
descriptionA vulnerability exists in Cisco ONS 15454 Controller Cards that could allow an unauthenticated, remote attacker to prevent system access to the flash memory on the control card, resulting in a denial of service condition.
last seen2020-06-01
modified2020-06-02
plugin id73455
published2014-04-10
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/73455
titleCisco ONS 15454 Controller Card DoS (CSCug97315)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(73455);
  script_version("1.4");
  script_cvs_date("Date: 2018/11/15 20:50:20");

  script_cve_id("CVE-2014-2139");
  script_bugtraq_id(66684);
  script_xref(name:"CISCO-BUG-ID", value:"CSCug97315");
  script_xref(name:"IAVB", value:"2014-B-0038");

  script_name(english:"Cisco ONS 15454 Controller Card DoS (CSCug97315)");
  script_summary(english:"Checks the ONS version.");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"A vulnerability exists in Cisco ONS 15454 Controller Cards that could
allow an unauthenticated, remote attacker to prevent system access to
the flash memory on the control card, resulting in a denial of service
condition.");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=33681
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fc23bc62");
  script_set_attribute(attribute:"see_also",value:"https://tools.cisco.com/bugsearch/bug/CSCug97315");
  script_set_attribute(attribute:"solution", value:
"Contact normal Cisco support channels to upgrade to a software version
that includes fixes for this vulnerability.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/10");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ons");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("cisco_ons_detect.nasl");
  script_require_keys("Cisco/ONS/Device", "Cisco/ONS/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

device_name = "Cisco ONS 15454";
device = get_kb_item_or_exit("Cisco/ONS/Device");
version = get_kb_item_or_exit("Cisco/ONS/Version");

if (device !~ "^15454") audit(AUDIT_HOST_NOT, device_name);

match = eregmatch(pattern: "^(\d+(?:\.\d+)*)-", string:version);
if (isnull(match)) exit(1, "Error parsing version string.");

# Format version string.
match = eregmatch(pattern:"^(\d+)\.(\d)(\d)(\d)?$", string:match[1]);
if (isnull(match)) exit(1, "Error parsing version string.");
else if (max_index(match) < 4) audit(AUDIT_VER_NOT_GRANULAR, device_name, version);

version_formatted = join(make_list(string(int(match[1])), match[2], match[3]), sep:'.');
if (match[4]) version_formatted += '.' + match[4];

# Check version.
flag = 0;
if (version_formatted =~ "^8\.0\.0(\.|$)") flag++;
else if (version_formatted =~ "^8\.5\.[0-3](\.|$)") flag++;
else if (version_formatted =~ "^9\.[013468]\.0(\.|$)") flag++;
else if (version_formatted =~ "^9\.2\.[0-2](\.|$)") flag++;

if (flag)
{
  port = 0;
  if (report_verbosity > 0)
  {
    report =
      '\n  Installed version : ' + version_formatted + ' (' + version + ')' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, device_name, version);

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2014-2139 Cisco ONS 15454是一款多业务传输平台。 Cisco ONS 15454控制卡代码功能存在漏洞,当遭遇FIN攻击中消耗完文件描述符时会触发该漏洞,攻击者可对控制卡发送FIN攻击,阻止系统写问控制卡上的Flash内存,而进行拒绝服务攻击。 0 Cisco ONS 15454 System Software 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139
idSSV:62103
last seen2017-11-19
modified2014-04-10
published2014-04-10
reporterRoot
titleCisco ONS 15454控制卡拒绝服务漏洞

References