Vulnerabilities > CVE-2016-1459 - Resource Management Errors vulnerability in Cisco IOS and IOS XE
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
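NASL family CISCO NASL id CISCO-SA-20160715-BGP-IOSXE.NASL description The Cisco IOS XE Software running on the remote device is missing a security patch. It is, therefore, affected by a denial of service vulnerability in the Border Gateway Protocol (BGP) message processing functions due to improper processing of BGP attributes. An authenticated, remote attacker can exploit this, via specially crafted BGP messages under certain unspecified conditions, to cause the affected device to reload. Note that Nessus has not tested for the presence of the workarounds referenced in the vendor advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 93123 published 2016-08-26 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93123 title Cisco IOS XE Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp) code
#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#
# Purpose: report Cisco IOS XE releases listed below as potentially affected
# by CVE-2016-1459 (Cisco bug CSCuz21061), a BGP message-processing denial of
# service that reloads the device.
#
# How the check decides:
#   1. The IOS XE version string from the KB must exactly equal one of the
#      listed releases; any other string exits as "not vulnerable".
#   2. The workarounds from the advisory are not inspected, so the plugin
#      only reports when report_paranoia is 2 or higher.
#   3. "show ip bgp" output is used to drop hosts where BGP is not active;
#      when the command cannot be run or is not authorized, the finding is
#      still reported, with a caveat appended.
#
# A finding therefore means "listed release, BGP apparently active"; whether
# a 'maxpath-limit' is set or BGP MIBs are suppressed has to be confirmed on
# the device configuration itself.

include("compat.inc");

if (description)
{
  script_id(93123);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2016-1459");
  script_bugtraq_id(91800);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuz21061");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20160715-bgp");

  script_name(english:"Cisco IOS XE Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp)");
  script_summary(english:"Checks the IOS XE version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The Cisco IOS XE Software running on the remote device is missing a security patch. It is, therefore, affected by a denial of service vulnerability in the Border Gateway Protocol (BGP) message processing functions due to improper processing of BGP attributes. 
An authenticated, remote attacker can exploit this, via specially crafted BGP messages under certain unspecified conditions, to cause the affected device to reload. Note that Nessus has not tested for the presence of the workarounds referenced in the vendor advisory.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?94ed1c7e");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20160715-bgp. Alternatively, set a 'maxpath-limit' value for BGP MIBs or suppress the use of BGP MIBs.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/26");

  # Marked "potential" because only the version and BGP state are examined,
  # not the workaround configuration.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

app_name = "Cisco IOS-XE";
version = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version");

# Releases this plugin treats as affected. The comparison is an exact string
# match against the KB value, so a release missing from this list is audited
# out as not vulnerable even if it falls inside the advisory's range.
affected_releases = make_list(
  "Cisco IOS XE Software 3.13S 3.13.5S",
  "Cisco IOS XE Software 3.13S 3.13.2S",
  "Cisco IOS XE Software 3.13S 3.13.3S",
  "Cisco IOS XE Software 3.13S 3.13.4S",
  "Cisco IOS XE Software 3.14S 3.14.0S",
  "Cisco IOS XE Software 3.14S 3.14.1S",
  "Cisco IOS XE Software 3.14S 3.14.2S",
  "Cisco IOS XE Software 3.14S 3.14.3S",
  "Cisco IOS XE Software 3.14S 3.14.4S",
  "Cisco IOS XE Software 3.15S 3.15.1cS",
  "Cisco IOS XE Software 3.15S 3.15.3S",
  "Cisco IOS XE Software 3.15S 3.15.2S",
  "Cisco IOS XE Software 3.17S 3.17.0S",
  "Cisco IOS XE Software 3.17S 3.17.2S",
  "Cisco IOS XE Software 3.17S 3.17.1S",
  "Cisco IOS XE Software 3.16S 3.16.3S",
  "Cisco IOS XE Software 3.16S 3.16.0cS",
  "Cisco IOS XE Software 3.16S 3.16.1aS",
  "Cisco IOS XE Software 3.16S 3.16.2S"
);

release_is_listed = FALSE;
foreach listed_release (affected_releases)
{
  if (version == listed_release)
  {
    release_is_listed = TRUE;
    break;
  }
}

if (!release_is_listed)
  audit(AUDIT_INST_VER_NOT_VULN, app_name, version);

# We don't check for workarounds, so only flag if paranoid
if (report_paranoia < 2) audit(AUDIT_PARANOID);

## If the target does not have BGP active, exit

caveat = '';

# Since cisco_ios_version.nasl removes "Host/local_checks_enabled" when report_paranoia > 1,
# we will try to run the command without checking for local checks; a failure will return NULL
buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_bgp", "show ip bgp", 0);

# check_cisco_result() would cause false positives on devices that do not support BGP,
# so we are only looking for authorization-related error messages or NULL
if (
  ("% This command is not authorized" >< buf) ||
  ("ERROR: Command authorization failed" >< buf) ||
  empty_or_null(buf)
)
{
  # BGP state could not be determined: keep the finding, but append the caveat.
  caveat = cisco_caveat();
}
else if (!preg(pattern:"BGP table version", multiline:TRUE, string:buf))
{
  audit(AUDIT_HOST_NOT, "affected because BGP is not active");
}

if (report_verbosity > 0)
{
  # report_fixed_version is not assigned anywhere in this listing, which would
  # leave the "Fixed release" field blank. Fall back to a pointer to the
  # advisory only when nothing else has set it.
  # NOTE(review): confirm that none of the included .inc files defines it.
  if (isnull(report_fixed_version))
    report_fixed_version = "See vendor advisory";

  report =
    '\n Cisco bug ID : CSCuz21061' +
    '\n Installed release : ' + version +
    '\n Fixed release : ' + report_fixed_version +
    '\n';
  security_warning(port:0, extra:report + caveat);
}
else security_warning(port:0, extra:caveat);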
NASL family CISCO NASL id CISCO-SA-20160715-BGP-IOS.NASL description The Cisco IOS Software running on the remote device is missing a security patch. It is, therefore, affected by a denial of service vulnerability in the Border Gateway Protocol (BGP) message processing functions due to improper processing of BGP attributes. An authenticated, remote attacker can exploit this, via specially crafted BGP messages under certain unspecified conditions, to cause the affected device to reload. Note that Nessus has not tested for the presence of the workarounds referenced in the vendor advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 93122 published 2016-08-26 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93122 title Cisco IOS Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160715-bgp
- http://www.securityfocus.com/bid/91800
- http://www.securityfocus.com/bid/91800
- http://www.securitytracker.com/id/1036321
- http://www.securitytracker.com/id/1036321