Vulnerabilities > CVE-2015-6432 - Resource Management Errors vulnerability in Cisco IOS XR

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
CWE-399
nessus

Summary

Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.

Common Weakness Enumeration (CWE)

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20160104-IOSXR.NASL
description: The remote Cisco IOS XR device is affected by a denial of service vulnerability due to the number of Open Shortest Path First (OSPF) Path Computation Elements (PCEs) configured for the OSPF Link State Advertisement (LSA) opaque area update. An unauthenticated, remote attacker can exploit this, via a specially crafted OSPF LSA update, to cause a denial of service condition.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 87819
published: 2016-01-08
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87819
title: Cisco IOS XR OSPF Link State Advertisement PCE DoS (cisco-sa-20160104-iosxr)
code
#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

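# Metadata pass: when the scanner loads the plugin with `description` set, only
# the declarations below run and the script exits (exit(0)) before any host
# check is performed.
if (description)
{
  script_id(87819);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/22");

  # Cross-references that tie a finding back to the CVE, the Bugtraq entry, the
  # Cisco bug ID and the Cisco security advisory.
  script_cve_id("CVE-2015-6432");
  script_bugtraq_id(79831);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuw83486");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20160104-iosxr");

  script_name(english:"Cisco IOS XR OSPF Link State Advertisement PCE DoS (cisco-sa-20160104-iosxr)");
  script_summary(english:"Checks the IOS XR version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco IOS XR device is affected by a denial of service
vulnerability due to the number of Open Shortest Path First (OSPF)
Path Computation Elements (PCEs) configured for the OSPF Link State
Advertisement (LSA) opaque area update. An unauthenticated, remote
attacker can exploit this, via a specially crafted OSPF LSA update, to
cause a denial of service condition.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6160ca1f");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20160104-iosxr.");
  # NOTE(review): the CVSS2 vector rates availability as Partial (A:P) while the
  # CVSS3 vector rates it High (A:H); confirm both against the CVE record named
  # in cvss_score_source before relying on either score for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6432");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # Disclosure and patch dates match the 20160104 stamp in the advisory ID
  # (cisco-sa-20160104-iosxr). A 2015 value here would make the finding look a
  # year older in any report that ages findings by disclosure date.
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/08");

  # "local": the verdict is derived from data collected from the device (the
  # version and running-config KB items read further down), not from probing
  # the OSPF service over the network.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  # Information gathering only; the plugin sends nothing that exercises the flaw.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduled after the IOS XR version collector, and only for hosts where that
  # collector stored a version in the KB.
  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version");

  exit(0);
}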

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# Cisco bug ID printed in the report.
cbi = "CSCuw83486";

# Set to 1 only when the running config could not be read for lack of enable
# privileges; passed to cisco_caveat() when the finding is reported.
override = 0;

# Stops here when no IOS XR version was stored in the KB for this host.
version = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");

# Stage 1 - release match.
# Listed releases: 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.2.2, 5.2.4 and
# 5.3.2. The three patterns also accept a trailing non-digit suffix after the
# release number; 5.3.2 has to match exactly.
flag = 0;
if (
  (version =~ '^4\\.[23]\\.0([^0-9]|$)') ||
  (version =~ '^5\\.[0-3]\\.0([^0-9]|$)') ||
  (version =~ '^5\\.2\\.[24]([^0-9]|$)') ||
  (version == '5.3.2')
) flag = 1;

# Stage 2 - configuration evidence, only when local checks are enabled and the
# release matched.
# NOTE(review): without Host/local_checks_enabled this stage is skipped, so the
# release match alone produces the finding and override stays 0; treat such
# results as version-based only.
if (get_kb_item("Host/local_checks_enabled") && flag)
{
  # Start again from "not affected" and re-flag only on evidence from the config.
  flag = 0;

  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config");

  if (!check_cisco_result(buf))
  {
    # Config output not usable. If the cause is missing enable privileges, keep
    # the host flagged and record the override so the report carries the caveat.
    # NOTE(review): any other unusable result leaves flag at 0 and the host is
    # audited as not affected; that outcome means "unknown", not "verified clean".
    if (cisco_needs_enable(buf))
    {
      override = 1;
      flag = 1;
    }
  }
  # Any configuration line beginning with "pce " counts as PCE being configured.
  else if (preg(multiline:TRUE, pattern:"^pce ", string:buf))
    flag = 1;
}

# Stage 3 - verdict.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  # The caveat text is always attached; bug ID and installed release are added
  # in front of it only when report verbosity is above 0.
  details = cisco_caveat(override);

  if (report_verbosity > 0)
    details =
      '\n  Cisco bug ID      : ' + cbi +
      '\n  Installed release : ' + version +
      '\n' + details;

  security_warning(port:0, extra:details);
}