Vulnerabilities > CVE-2014-2176 - Resource Management Errors vulnerability in Cisco products

CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
cisco
CWE-399
nessus

Summary

Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928.

Common Weakness Enumeration (CWE)

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20140611-IPV6-IOSXR.NASL
description: According to its self-reported version, the version of Cisco IOS XR running on the remote host is affected by a denial of service vulnerability due to the improper handling of IPv6 packets. A remote, unauthenticated attacker can cause the device to lock up by rapidly sending specially crafted IPv6 packets. Note that this issue only affects Trident-based line cards on Cisco ASR 9000 series routers. Also, if IPv6 is not enabled, the device can still be exploited by a host on an adjacent network.
last seen: 2019-10-28
modified: 2014-06-30
plugin id: 76312
published: 2014-06-30
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/76312
title: Cisco IOS XR Software IPv6 Malformed Packet DoS (cisco-sa-20140611-ipv6)
code
#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration branch: when `description` is set, the script only declares its
# metadata (IDs, references, risk data, dependencies) and leaves through the
# exit(0) at the end of this block, so the detection logic further down does
# not run in that mode.
if (description)
{
  script_id(76312);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  # Cross-references: CVE, Bugtraq ID, Cisco bug ID and Cisco advisory ID.
  script_cve_id("CVE-2014-2176");
  script_bugtraq_id(68005);
  script_xref(name:"CISCO-BUG-ID", value:"CSCun71928");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20140611-ipv6");

  script_name(english:"Cisco IOS XR Software IPv6 Malformed Packet DoS (cisco-sa-20140611-ipv6)");
  # The finding is based on the reported IOS XR version (plus the model and
  # line-card checks below), not on observing the denial of service itself.
  script_summary(english:"Checks the IOS XR version.");
  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the version of Cisco IOS XR
running on the remote host is affected by a denial of service
vulnerability due to the improper handling of IPv6 packets. A remote,
unauthenticated attacker can cause the device to lock up by rapidly
sending specially crafted IPv6 packets.

Note that this issue only affects Trident-based line cards on Cisco
ASR 9000 series routers. Also, if IPv6 is not enabled, the device can
still be exploited by a host on an adjacent network.");
  # Presumably the target of the shortened see_also link on the next line:
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?28457895");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=33902");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20140611-ipv6.");
  # CVSS v2 base vector: network access, medium access complexity, no
  # authentication, and availability as the only impacted property (A:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
  # available (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # NOTE(review): the patch date recorded here (2014/04/22) is earlier than
  # the vulnerability publication date (2014/06/11) - confirm against the
  # advisory if these dates feed patch-latency metrics.
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/30");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  # Registered in the information-gathering category; the code in this file
  # reads KB items and cached 'show diag' output and sends no IPv6 traffic.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  # Declares cisco_ios_xr_version.nasl as a dependency and requires the
  # version KB key (presumably populated by that plugin - TODO confirm).
  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# Model gate: only ASR 9000 hardware is in scope for this advisory.
# The "CISCO/model" KB item is preferred; when it is absent the script falls
# back to "Host/Cisco/IOS-XR/Model" and exits if that key is missing too.
model = get_kb_item("CISCO/model");
if (isnull(model))
{
  model = get_kb_item_or_exit("Host/Cisco/IOS-XR/Model");
  # Fallback key: the model string must contain "ASR9K".
  if ("ASR9K" >!< model) audit(AUDIT_HOST_NOT, "affected");
}
else if (model !~ "ciscoASR9[0-9]{3}")
{
  # Primary key present but it does not name an ASR 9xxx model.
  audit(AUDIT_HOST_NOT, "affected");
}

version = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");

# Releases for which patches are available. Nothing in this script checks
# whether such a patch is installed, so these releases are only evaluated
# when report_paranoia is 2 or higher; otherwise the script stops with
# AUDIT_PARANOID.
# NOTE(review): at lower paranoia settings an unpatched device on one of
# these releases is not reported by this plugin - account for that gap when
# reading scan results.
smu_releases = make_list(
  "4.1.2", "4.2.1", "4.2.3",
  "4.3.1", "4.3.2", "4.3.4",
  "5.1.1"
);

if (report_paranoia < 2)
{
  foreach smu_release (smu_releases)
  {
    if (version == smu_release) audit(AUDIT_PARANOID);
  }
}


# Release gate: stop unless the reported version falls in one of the release
# ranges this plugin treats as vulnerable (3.7.x-3.9.x, 4.0.x-4.3.x, 5.1.0
# and 5.1.1, each bounded by the patch level in its pattern).
# NOTE(review): the advisory summary quoted on this page gives the range as
# 4.1.2 through 5.1.1, while these patterns also match earlier releases -
# confirm against the advisory's release table.
if (
  version !~ "^3\.[79]\.[0-3]$" &&
  version !~ "^3\.8\.[0-4]$" &&
  version !~ "^4\.0\.[0-4]$" &&
  version !~ "^4\.1\.[0-2]$" &&
  version !~ "^4\.2\.[0-4]$" &&
  version !~ "^4\.3\.[0-4]$" &&
  version !~ "^5\.1\.[01]$"
) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco IOS XR', version);

# Line-card gate.
#   flag     - set when 'show diag' output names one of the listed A9K cards
#              (presumably the Trident-based card PIDs the description
#              refers to - verify against the advisory).
#   override - set when the command output could not be read because enable
#              privileges are needed; the finding is then reported with a
#              caveat instead of being dropped.
# NOTE(review): if local checks are not enabled, or 'show diag' fails for any
# reason other than missing enable privileges, both variables stay FALSE and
# the host is audited as "not affected" although its line cards were never
# inspected. Treat that audit result as "not verified".
flag     = FALSE;
override = FALSE;

if (get_kb_item("Host/local_checks_enabled"))
{
  diag_output = cisco_command_kb_item("Host/Cisco/Config/show_diag", "show diag");
  if (!check_cisco_result(diag_output))
  {
    if (cisco_needs_enable(diag_output)) override = TRUE;
  }
  else
  {
    card_pattern = "A9K-(40GE-L|40GE-B|40GE-E|4T-L|4T-B|4T-E|8T/4-L|8T/4-B|8T/4-E|2T20GE-L|2T20GE-B|2T20GE-E|8T-L|8T-B|8T-E|16T/8-B)";
    if (preg(multiline:TRUE, pattern:card_pattern, string:diag_output)) flag = TRUE;
  }
}

if (!(flag || override)) audit(AUDIT_HOST_NOT, "affected");

# Report the finding on port 0. The caveat text from cisco_caveat(override)
# is always attached; the bug ID and installed release are added only when
# report_verbosity is above 0.
if (!(report_verbosity > 0))
{
  security_hole(port:0, extra:cisco_caveat(override));
}
else
{
  report =
    '\n  Cisco Bug ID      : CSCun71928' +
    '\n  Installed release : ' + version +
    '\n';
  security_hole(port:0, extra:report+cisco_caveat(override));
}