Vulnerabilities > CVE-2014-2143 - Unspecified vulnerability in Cisco IOS

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cisco
nessus
NVD
Published: 2014-04-04
Updated: 2014-04-04

Summary

The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.

Vulnerable Configurations

Part Description Count
OS
Cisco
5865

Nessus

NASL familyCISCO
NASL idCISCO_IOS_CSCUN31021.NASL
descriptionThe Cisco Internet Key Exchange (IKE) module has a denial of service vulnerability. According to its self-reported IOS version, the remote device may be affected by this vulnerability. The IKE module does not handle specially crafted main mode packets and can allow established IKE security associations to be damaged.
last seen2020-06-01
modified2020-06-02
plugin id73736
published2014-04-28
reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/73736
titleCisco IOS IKE Module DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(73736);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2014-2143");
  script_bugtraq_id(66628);
  script_xref(name:"CISCO-BUG-ID", value:"CSCun31021");

  script_name(english:"Cisco IOS IKE Module DoS");
  script_summary(english:"Checks IOS version");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The Cisco Internet Key Exchange (IKE) module has a denial of service
vulnerability. According to its self-reported IOS version, the remote
device may be affected by this vulnerability. The IKE module does not
handle specially crafted main mode packets and can allow established
IKE security associations to be damaged.");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=33639
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?128edb78");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=33639");
  script_set_attribute(attribute:"solution", value:
"Contact Cisco for updated software.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2143");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

if (
  version == '15.4T'      ||
  version == '15.4(1)T'   ||
  version == '15.4S'      ||
  version == '15.4(3)S'
) security_warning(0);
else audit(AUDIT_INST_VER_NOT_VULN, 'IOS', version);

References