Vulnerabilities > CVE-2016-1348 - Resource Management Errors vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2016-03-26

Updated: 2016-12-03

Summary

Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XE 3.10S_3.10.3S Cisco IOS XE 3.7S_3.7.0S Cisco IOS XE 3.7S_3.7.5S Cisco IOS XE 3.5E_3.5.2E Cisco IOS XE 3.9S_3.9.1S Cisco IOS XE 3.5E_3.5.1E Cisco IOS XE 3.16S_3.16.0S Cisco IOS XE 3.12S_3.12.1S Cisco IOS XE 3.7S_3.7.7S Cisco IOS XE 3.8S_3.8.1S Cisco IOS XE 3.6S_3.6.1S Cisco IOS XE 3.6E_3.6.2E Cisco IOS XE 3.6E_3.6.1E Cisco IOS XE 3.7S_3.7.4S Cisco IOS XE 3.14S_3.14.0S Cisco IOS XE 3.9S_3.9.1As Cisco IOS XE 3.12S_3.12.4S Cisco IOS XE 3.6E_3.6.0E Cisco IOS XE 3.8E_3.8.0E Cisco IOS XE 3.16S_3.16.1S Cisco IOS XE 3.5S_3.5.0S Cisco IOS XE 3.10S_3.10.2S Cisco IOS XE 3.7S_3.7.1S Cisco IOS XE 3.15S_3.15.2S Cisco IOS XE 3.12S_3.12.2S Cisco IOS XE 3.14S_3.14.2S Cisco IOS XE 3.13S_3.13.2S Cisco IOS XE 3.5E_3.5.3E Cisco IOS XE 3.15S_3.15.1S Cisco IOS XE 3.13S_3.13.3S Cisco IOS XE 3.3Xo_3.3.0Xo Cisco IOS XE 3.7S_3.7.4As Cisco IOS XE 3.13S_3.13.0As Cisco IOS XE 3.7S_3.7.3S Cisco IOS XE 3.9S_3.9.0As Cisco IOS XE 3.10S_3.10.1Xbs Cisco IOS XE 3.12S_3.12.0S Cisco IOS XE 3.10S_3.10.1S Cisco IOS XE 3.10S_3.10.0S Cisco IOS XE 3.10S_3.10.6S Cisco IOS XE 3.11S_3.11.3S Cisco IOS XE 3.15S_3.15.0S Cisco IOS XE 3.7E_3.7.0E Cisco IOS XE 3.7E_3.7.1E Cisco IOS XE 3.5S_3.5.1S Cisco IOS XE 3.7S_3.7.6S Cisco IOS XE 3.7E_3.7.2E Cisco IOS XE 3.11S_3.11.2S Cisco IOS XE 3.16S_3.16.1As Cisco IOS XE 3.15S_3.15.1Cs Cisco IOS XE 3.12S_3.12.3S Cisco IOS XE 3.14S_3.14.3S Cisco IOS XE 3.13S_3.13.4S Cisco IOS XE 3.5S_3.5.2S Cisco IOS XE 3.11S_3.11.1S Cisco IOS XE 3.14S_3.14.1S Cisco IOS XE 3.11S_3.11.4S Cisco IOS XE 3.6E_3.6.3E Cisco IOS XE 3.9S_3.9.0S Cisco IOS XE 3.7S_3.7.2S Cisco IOS XE 3.13S_3.13.2As Cisco IOS XE 3.3Xo_3.3.2Xo Cisco IOS XE 3.6S_3.6.0S Cisco IOS XE 3.8S_3.8.0S Cisco IOS XE 3.6E_3.6.2Ae Cisco IOS XE 3.10S_3.10.5S Cisco IOS XE 3.9S_3.9.2S Cisco IOS XE 3.3Xo_3.3.1Xo Cisco IOS XE 3.7S_3.7.2Ts Cisco IOS XE 3.13S_3.13.1S Cisco IOS XE 3.5E_3.5.0E Cisco IOS XE 3.6S_3.6.2S Cisco IOS XE 3.13S_3.13.0S Cisco IOS XE 3.10S_3.10.4S Cisco IOS XE 3.11S_3.11.0S Cisco IOS XE 3.8S_3.8.2S Cisco IOS XE 3.16S_3.16.0Cs	77
OS	Samsung Samsung X14J Firmware T-Ms14Jakucb-1102.5	1
OS	Sun SUN Opensolaris Snv_124	1
OS	Zyxel Zyxel Gs1900 10Hp Firmware - Zyxel Gs1900 10Hp Firmware 2.40	2
OS	Netgear Netgear Jr6150 Firmware 1.0.0.17 Netgear Jr6150 Firmware 1.0.1.7 Netgear Jr6150 Firmware 1.0.1.10 Netgear Jr6150 Firmware 1.0.1.12 Netgear Jr6150 Firmware 1.0.1.14 Netgear Jr6150 Firmware 1.0.1.16 Netgear Jr6150 Firmware 1.0.1.18 Netgear Jr6150 Firmware 1.0.1.22 Netgear Jr6150 Firmware 1.0.1.24 Netgear Jr6150 Firmware 1.0.1.26	10
OS	Zzinc Zzinc Keymouse Firmware 3.08	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20160323-DHCPV6-IOSXE.NASL
description	According to its self-reported version, the Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability in the DHCPv6 Relay feature due to improper validation of DHCPv6 relay messages. An unauthenticated, remote attacker can exploit this issue, via a crafted DHCPv6 relay message, to cause the device to reload.
last seen	2020-06-01
modified	2020-06-02
plugin id	90354
published	2016-04-06
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90354
title	Cisco IOS XE DHCPv6 Relay Message Handling DoS (cisco-sa-20160323-dhcpv6)
code	#TRUSTED 4e346cf134fab484d2fd9b952ecd1818a51940f58e09fb66814448b7f0a2c68cdb40e782dcf170c6fa45bff3ed13aa92fb43209d33105a3aa81ad170efddd2d228e03f40d799bfb09fda74077551a307502f20ab9522e4f4e1c9227047660650f76ab608d2f409b769e168a9a891693099e3d2027465a30c6a67fab56a4f5332767f48f1564d24c8f552d23a642aae506428d92bd1ec8c4cebee85fa5035e7fae489ae29d0615b5a7c8ce0b7d766cb16ea42e4cb56d2b16ab098cbbca112c18239b441028ab7c59625fbe687a1d2afb5b92024fdaa33dbc745db66454764ddffd63036d750105aa42bd961f36021ad918314ac9c4b1ccb088e5271a1284d291f1f8b29df07702be076b350cb434d4783bd60b61150eaef95e620741171514006a8dee603655ae23d69a2826e900696fbf8c4d1752e48d04fae4591d5b3c3b8c115634a537e02805782e41b5ed83fe4c97b99eb06a14d2b440940f868d4974d93aa4aac992de8ec7dcc4a75d0dabe2b6b2806b0c08dee606c1edd3e38ecaa6ebf2de56ac7acbd24096de4e4182cf367c44bc2f71bee757349d0ebd4eadfff1bd46b474595bb58f4a9c2705bb35364ccd1116311a9708133820c59aae90e4a299365a4f9efe3dd35b0d793ac1fd89098114fbc942734329185a3c6e1021bd2eb137416aff932ab22a0fa3e5e9a4b6c0b71b8551f4d59cbc09e6d6de5e4c9480ad4 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(90354); script_version("1.10"); script_cvs_date("Date: 2019/11/20"); script_cve_id("CVE-2016-1348"); script_xref(name:"CISCO-BUG-ID", value:"CSCus55821"); script_xref(name:"CISCO-SA", value:"cisco-sa-20160323-dhcpv6"); script_name(english:"Cisco IOS XE DHCPv6 Relay Message Handling DoS (cisco-sa-20160323-dhcpv6)"); script_summary(english:"Checks the IOS XE version."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability in the DHCPv6 Relay feature due to improper validation of DHCPv6 relay messages. An unauthenticated, remote attacker can exploit this issue, via a crafted DHCPv6 relay message, to cause the device to reload."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?239272f7"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCus55821."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1348"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/23"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_xe_version.nasl"); script_require_keys("Host/Cisco/IOS-XE/Version"); exit(0); } include("audit.inc"); include("cisco_func.inc"); include("cisco_kb_cmd_func.inc"); version = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version"); fix = ''; flag = 0; # Check for vuln version if ( ver == '3.8.0E' ) flag++; if ( ver == '3.3.0XO' ) flag++; if ( ver == '3.3.1XO' ) flag++; if ( ver == '3.3.2XO' ) flag++; if ( ver == '3.5.0E' ) flag++; if ( ver == '3.5.1E' ) flag++; if ( ver == '3.5.2E' ) flag++; if ( ver == '3.5.3E' ) flag++; if ( ver == '3.5.0S' ) flag++; if ( ver == '3.5.1S' ) flag++; if ( ver == '3.5.2S' ) flag++; if ( ver == '3.6.0E' ) flag++; if ( ver == '3.6.1E' ) flag++; if ( ver == '3.6.2aE' ) flag++; if ( ver == '3.6.2E' ) flag++; if ( ver == '3.6.3E' ) flag++; if ( ver == '3.6.0S' ) flag++; if ( ver == '3.6.1S' ) flag++; if ( ver == '3.6.2S' ) flag++; if ( ver == '3.7.0E' ) flag++; if ( ver == '3.7.1E' ) flag++; if ( ver == '3.7.2E' ) flag++; if ( ver == '3.7.0S' ) flag++; if ( ver == '3.7.1S' ) flag++; if ( ver == '3.7.2S' ) flag++; if ( ver == '3.7.2tS' ) flag++; if ( ver == '3.7.3S' ) flag++; if ( ver == '3.7.4S' ) flag++; if ( ver == '3.7.4aS' ) flag++; if ( ver == '3.7.5S' ) flag++; if ( ver == '3.7.6S' ) flag++; if ( ver == '3.7.7S' ) flag++; if ( ver == '3.8.0S' ) flag++; if ( ver == '3.8.1S' ) flag++; if ( ver == '3.8.2S' ) flag++; if ( ver == '3.9.0S' ) flag++; if ( ver == '3.9.0aS' ) flag++; if ( ver == '3.9.1S' ) flag++; if ( ver == '3.9.1aS' ) flag++; if ( ver == '3.9.2S' ) flag++; if ( ver == '3.10.0S' ) flag++; if ( ver == '3.10.1S' ) flag++; if ( ver == '3.10.1xbS' ) flag++; if ( ver == '3.10.2S' ) flag++; if ( ver == '3.10.3S' ) flag++; if ( ver == '3.10.4S' ) flag++; if ( ver == '3.10.5S' ) flag++; if ( ver == '3.10.6S' ) flag++; if ( ver == '3.11.0S' ) flag++; if ( ver == '3.11.1S' ) flag++; if ( ver == '3.11.2S' ) flag++; if ( ver == '3.11.3S' ) flag++; if ( ver == '3.11.4S' ) flag++; if ( ver == '3.12.0S' ) flag++; if ( ver == '3.12.1S' ) flag++; if ( ver == '3.12.4S' ) flag++; if ( ver == '3.12.2S' ) flag++; if ( ver == '3.12.3S' ) flag++; if ( ver == '3.13.2aS' ) flag++; if ( ver == '3.13.0S' ) flag++; if ( ver == '3.13.0aS' ) flag++; if ( ver == '3.13.1S' ) flag++; if ( ver == '3.13.2S' ) flag++; if ( ver == '3.13.3S' ) flag++; if ( ver == '3.13.4S' ) flag++; if ( ver == '3.14.0S' ) flag++; if ( ver == '3.14.1S' ) flag++; if ( ver == '3.14.2S' ) flag++; if ( ver == '3.14.3S' ) flag++; if ( ver == '3.15.1cS' ) flag++; if ( ver == '3.15.0S' ) flag++; if ( ver == '3.15.1S' ) flag++; if ( ver == '3.15.2S' ) flag++; if ( ver == '3.16.0S' ) flag++; if ( ver == '3.16.0cS' ) flag++; if ( ver == '3.16.1S' ) flag++; if ( ver == '3.16.1aS' ) flag++; # Check DHCPv6 Relay if (flag && get_kb_item("Host/local_checks_enabled")) { flag = 0; buf = cisco_command_kb_item("Host/Cisco/Config/show_ipv6_dhcp_interface", "show ipv6 dhcp interface"); if (check_cisco_result(buf)) { if ("is in relay mode" >< buf) flag = 1; } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } } if (flag) { if (report_verbosity > 0) { report = '\n Cisco bug ID : CSCus55821' + '\n Installed release : ' + version + '\n'; security_hole(port:0, extra:report + cisco_caveat(override)); exit(0); } else security_hole(port:0, extra:cisco_caveat(override)); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	CISCO
NASL id	CISCO-SA-20160323-DHCPV6-IOS.NASL
description	According to its self-reported version, the Cisco IOS software running on the remote device is affected by a denial of service vulnerability in the DHCPv6 Relay feature due to improper validation of DHCPv6 relay messages. An unauthenticated, remote attacker can exploit this issue, via a crafted DHCPv6 relay message, to cause the device to reload.
last seen	2020-06-01
modified	2020-06-02
plugin id	90353
published	2016-04-06
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90353
title	Cisco IOS DHCPv6 Relay Message Handling DoS (cisco-sa-20160323-dhcpv6)
code	#TRUSTED 3a973fb7935dac43dfb17b80176f7c852d71873976872f83a65ebf8423f6e14c5ac67fa3d970ab75f0480ab353404c98bd794c5485346c1471b1250c55a5fa5193265d71d735eb02dc555ffafbeeb16c828c9a10046ed47d5f048f06bf7800130865af326d4c86e8b0c827e6a937ac266ab3df9a130965503fda1cb5ae15a59a4f64aec110f80d88e855c01aa04eb854b7778ecc445d2a653d1cee861475713c2dbfc6c89ce069661b5b7d7dfca25a3a64841b5fcf51d1b3ba451600ea81ee65a5aa7795a63ea43f68b08fbdc8f89ba2221598e075075dc1ffb29e5632e805c3fb5226a8a845c8ea16ae13e54dc3cb949c4d90f05652575c6de347b762131b5468fd19f96d9b93b4dae9e6f149fc5b698009c209e322cd447e2e5aed9e1b12bb290847a78d342726e09ecff5051eede141256b31673c87689c8938cac75e68405e8b7a26215b9d5c3a28038ceccdd3a551ef5ebd4a205ede7b46b052026ce6fb7fd252cdf7f8b1689e3ef197655707b089b157342294f9c07759703b911095a53399c6d5f5930d72524c84079010733ed0370adb414044c9a74f8a3e6575153f38366d09460dc98e215482ec3622a2159b8457227d67517918ec55b67fad7a79c60cddda69f9c61211bff074b3f70aa23c43d4fc428fb6d49768334257f86f8428b71dfaf12212dcee50bf89c7a5313646905383aee08ce4c9ee6e15a3744b3b # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(90353); script_version("1.10"); script_cvs_date("Date: 2019/11/20"); script_cve_id("CVE-2016-1348"); script_xref(name:"CISCO-BUG-ID", value:"CSCus55821"); script_xref(name:"CISCO-SA", value:"cisco-sa-20160323-dhcpv6"); script_name(english:"Cisco IOS DHCPv6 Relay Message Handling DoS (cisco-sa-20160323-dhcpv6)"); script_summary(english:"Checks the IOS version."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the Cisco IOS software running on the remote device is affected by a denial of service vulnerability in the DHCPv6 Relay feature due to improper validation of DHCPv6 relay messages. An unauthenticated, remote attacker can exploit this issue, via a crafted DHCPv6 relay message, to cause the device to reload."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?239272f7"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCus55821."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1348"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/23"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/06"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_version.nasl"); script_require_keys("Host/Cisco/IOS/Version"); exit(0); } include("audit.inc"); include("cisco_func.inc"); include("cisco_kb_cmd_func.inc"); flag = 0; override = 0; ver = get_kb_item_or_exit("Host/Cisco/IOS/Version"); # Check for vuln version if ( ver == '15.0(1)SY3' ) flag++; if ( ver == '15.0(1)SY4' ) flag++; if ( ver == '15.0(1)SY5' ) flag++; if ( ver == '15.0(1)SY6' ) flag++; if ( ver == '15.0(1)SY7' ) flag++; if ( ver == '15.0(1)SY7a' ) flag++; if ( ver == '15.0(1)SY8' ) flag++; if ( ver == '15.0(1)SY9' ) flag++; if ( ver == '15.1(1)SY1' ) flag++; if ( ver == '15.1(1)SY2' ) flag++; if ( ver == '15.1(1)SY3' ) flag++; if ( ver == '15.1(1)SY4' ) flag++; if ( ver == '15.1(1)SY5' ) flag++; if ( ver == '15.1(1)SY6' ) flag++; if ( ver == '15.1(2)SY' ) flag++; if ( ver == '15.1(2)SY1' ) flag++; if ( ver == '15.1(2)SY2' ) flag++; if ( ver == '15.1(2)SY3' ) flag++; if ( ver == '15.1(2)SY4' ) flag++; if ( ver == '15.1(2)SY4a' ) flag++; if ( ver == '15.1(2)SY5' ) flag++; if ( ver == '15.1(2)SY6' ) flag++; if ( ver == '15.2(1)E' ) flag++; if ( ver == '15.2(1)E1' ) flag++; if ( ver == '15.2(1)E2' ) flag++; if ( ver == '15.2(1)E3' ) flag++; if ( ver == '15.2(2)E' ) flag++; if ( ver == '15.2(2)E1' ) flag++; if ( ver == '15.2(2)E2' ) flag++; if ( ver == '15.2(2)E3' ) flag++; if ( ver == '15.2(2a)E1' ) flag++; if ( ver == '15.2(2a)E2' ) flag++; if ( ver == '15.2(3)E' ) flag++; if ( ver == '15.2(3)E1' ) flag++; if ( ver == '15.2(3)E2' ) flag++; if ( ver == '15.2(3a)E' ) flag++; if ( ver == '15.2(3m)E2' ) flag++; if ( ver == '15.2(3m)E3' ) flag++; if ( ver == '15.2(4)E' ) flag++; if ( ver == '15.2(2)EB' ) flag++; if ( ver == '15.2(2)EB1' ) flag++; if ( ver == '15.2(1)EY' ) flag++; if ( ver == '15.2(2)EA1' ) flag++; if ( ver == '15.2(2)EA2' ) flag++; if ( ver == '15.2(3)EA' ) flag++; if ( ver == '15.2(4)EA' ) flag++; if ( ver == '15.2(1)S' ) flag++; if ( ver == '15.2(1)S1' ) flag++; if ( ver == '15.2(1)S2' ) flag++; if ( ver == '15.2(2)S' ) flag++; if ( ver == '15.2(2)S0a' ) flag++; if ( ver == '15.2(2)S0c' ) flag++; if ( ver == '15.2(2)S1' ) flag++; if ( ver == '15.2(2)S2' ) flag++; if ( ver == '15.2(4)S' ) flag++; if ( ver == '15.2(4)S1' ) flag++; if ( ver == '15.2(4)S2' ) flag++; if ( ver == '15.2(4)S3' ) flag++; if ( ver == '15.2(4)S3a' ) flag++; if ( ver == '15.2(4)S4' ) flag++; if ( ver == '15.2(4)S4a' ) flag++; if ( ver == '15.2(4)S5' ) flag++; if ( ver == '15.2(4)S6' ) flag++; if ( ver == '15.2(4)S7' ) flag++; if ( ver == '15.2(2)SNG' ) flag++; if ( ver == '15.2(2)SNH1' ) flag++; if ( ver == '15.2(2)SNI' ) flag++; if ( ver == '15.2(1)SY' ) flag++; if ( ver == '15.2(1)SY0a' ) flag++; if ( ver == '15.2(1)SY1' ) flag++; if ( ver == '15.2(1)SY1a' ) flag++; if ( ver == '15.2(2)SY' ) flag++; if ( ver == '15.3(1)S' ) flag++; if ( ver == '15.3(1)S1' ) flag++; if ( ver == '15.3(1)S2' ) flag++; if ( ver == '15.3(2)S' ) flag++; if ( ver == '15.3(2)S0a' ) flag++; if ( ver == '15.3(2)S1' ) flag++; if ( ver == '15.3(2)S2' ) flag++; if ( ver == '15.3(3)S' ) flag++; if ( ver == '15.3(3)S1' ) flag++; if ( ver == '15.3(3)S1a' ) flag++; if ( ver == '15.3(3)S2' ) flag++; if ( ver == '15.3(3)S3' ) flag++; if ( ver == '15.3(3)S4' ) flag++; if ( ver == '15.3(3)S5' ) flag++; if ( ver == '15.3(3)S6' ) flag++; if ( ver == '15.4(1)S' ) flag++; if ( ver == '15.4(1)S1' ) flag++; if ( ver == '15.4(1)S2' ) flag++; if ( ver == '15.4(1)S3' ) flag++; if ( ver == '15.4(1)S4' ) flag++; if ( ver == '15.4(2)S' ) flag++; if ( ver == '15.4(2)S1' ) flag++; if ( ver == '15.4(2)S2' ) flag++; if ( ver == '15.4(2)S3' ) flag++; if ( ver == '15.4(2)S4' ) flag++; if ( ver == '15.4(3)S' ) flag++; if ( ver == '15.4(3)S1' ) flag++; if ( ver == '15.4(3)S2' ) flag++; if ( ver == '15.4(3)S3' ) flag++; if ( ver == '15.4(3)S4' ) flag++; if ( ver == '15.5(1)S' ) flag++; if ( ver == '15.5(1)S1' ) flag++; if ( ver == '15.5(1)S2' ) flag++; if ( ver == '15.5(1)S3' ) flag++; if ( ver == '15.5(2)S' ) flag++; if ( ver == '15.5(2)S1' ) flag++; if ( ver == '15.5(2)S2' ) flag++; if ( ver == '15.5(3)S' ) flag++; if ( ver == '15.5(3)S0a' ) flag++; if ( ver == '15.5(3)S1' ) flag++; if ( ver == '15.5(3)S1a' ) flag++; if ( ver == '15.5(3)SN' ) flag++; # Check for DHCPv6 Relay if (flag && get_kb_item("Host/local_checks_enabled")) { flag = 0; buf = cisco_command_kb_item("Host/Cisco/Config/show_ipv6_dhcp_interface", "show ipv6 dhcp interface"); if (check_cisco_result(buf)) { if ("is in relay mode" >< buf) flag = 1; } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; } } if (flag) { if (report_verbosity > 0) { report = '\n Cisco bug ID : CSCus55821' + '\n Installed release : ' + ver + '\n'; security_hole(port:0, extra:report + cisco_caveat(override)); exit(0); } else security_hole(port:0, extra:cisco_caveat(override)); } else audit(AUDIT_HOST_NOT, "affected");

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.