include("compat.inc");
# Plugin registration. When `description` is set, this block declares the
# plugin's metadata and then calls exit(0), so none of the detection logic
# further down runs in that mode.
if (description)
{
# Identity and cross-references: plugin id, CVE, Bugtraq id, Cisco bug id and
# Cisco advisory id.
script_id(103669);
script_version("1.9");
script_cvs_date("Date: 2019/11/12");
script_cve_id("CVE-2017-12231");
script_bugtraq_id(101039);
script_xref(name:"CISCO-BUG-ID", value:"CSCvc57217");
script_xref(name:"CISCO-SA", value:"cisco-sa-20170927-nat");
script_name(english:"Cisco IOS Software NAT denial of service (cisco-sa-20170927-nat)");
script_summary(english:"Checks the IOS version.");
# Finding text. The description states that the result rests on the device's
# self-reported version and configuration, i.e. the flaw itself is not exercised.
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version and configuration, the Cisco
IOS software running on the remote device is affected by a denial of
service vulnerability in the Network Address Translation (NAT)
feature. An unauthenticated, remote attacker can exploit this, via
specially crafted NAT requests, to cause the switch to stop processing
traffic, requiring a device restart to regain functionality.");
# NOTE(review): shortened http:// reference; its destination is not visible
# here -- presumably the Cisco advisory named in the CISCO-SA xref. Confirm.
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a7014611");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvc57217");
# Scoring: both the CVSS v2 and v3.0 base vectors describe a network-reachable,
# unauthenticated issue (AV:N, Au:N / PR:N) whose only impact is availability
# (C:N, I:N, A:C / A:H). The temporal vectors record no known exploit (E:U)
# and an official fix (RL:OF / RL:O).
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
# Timeline: disclosure and patch share a date; the plugin followed on 2017/10/05.
script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/27");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/05");
# NOTE(review): "combined" presumably reflects that the detection code decides
# on the version alone, and additionally on the running configuration when
# Host/local_checks_enabled is set -- confirm against the framework docs.
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
script_end_attributes();
# Category ACT_GATHER_INFO: the detection code in this file only reads
# knowledge-base items and 'show run' output.
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Declares cisco_ios_version.nasl as a dependency and requires the KB key
# Host/Cisco/IOS/Version, the same key the detection code reads.
script_dependencies("cisco_ios_version.nasl");
script_require_keys("Host/Cisco/IOS/Version");
# Metadata only: stop before the detection logic.
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
# IOS release string as recorded in the knowledge base. It is self-reported by
# the device, so every result below is only as reliable as that value.
# get_kb_item_or_exit() presumably ends the script when the key is absent.
ver = get_kb_item_or_exit("Host/Cisco/IOS/Version");

# override: becomes non-zero when the configuration could not be read because
#           enable access was needed (see the configuration check below).
# flag:     becomes non-zero once the device is considered affected.
override = 0;
flag = 0;
# IOS release strings treated as affected. The lookup that follows compares
# `ver` against these entries with plain string equality, so a release that is
# missing from this list (or is reported in a different spelling) is never
# flagged by this script.
# NOTE(review): presumably copied from the affected-release list for Cisco bug
# CSCvc57217 / advisory cisco-sa-20170927-nat -- re-verify against the advisory
# before relying on a "not vulnerable" result for a release not listed here.
vuln_versions = make_list(
'15.2(4)M8',
'15.2(4)M10',
'15.2(4)M9',
'15.3(3)S6',
'15.2(1)EY1',
'12.4(25e)JAO3a',
'12.4(25e)JAO20s',
'15.3(3)M6',
'15.5(2)S',
'15.3(3)JN',
'15.5(3)M',
'15.1(4)M11',
'15.4(1)T4',
'15.6(1)S',
'15.5(3)S',
'15.3(3)SA',
'15.6(1)T',
'15.5(2)T',
'15.4(3)S3',
'15.2(2)E3',
'15.4(3)M3',
'12.4(25e)JAP3',
'12.4(25e)JAO5m',
'15.1(4)M12',
'15.2(3)EA1',
'15.2(1)EY2',
'15.2(2)JA3',
'15.2(4)JB8',
'15.2(4)S7',
'15.3(3)JAX3',
'15.3(3)JN5',
'15.3(3)M7',
'15.3(3)S7',
'15.4(3)M4',
'15.4(1)S4',
'15.4(2)S4',
'15.4(3)S4',
'15.4(3)SN2',
'15.4(2)T4',
'15.5(1)S2',
'15.5(1)S3',
'15.5(2)S1',
'15.5(2)S2',
'15.5(2)SN0a',
'15.5(1)T2',
'15.5(1)T3',
'15.5(2)T1',
'15.5(2)T2',
'15.6(2)S',
'15.6(2)T',
'15.3(3)S8',
'15.5(3)M1',
'15.3(3)M8',
'15.5(3)SN1',
'15.3(3)JN6',
'15.5(3)M0a',
'15.3(3)JBB3',
'15.5(3)S1',
'15.2(4)S8',
'15.2(4)M11',
'15.4(3)S5',
'15.5(2)T3',
'15.5(3)S1a',
'15.4(3)M5',
'15.5(2)S3',
'15.5(3)M2',
'15.6(2)S1',
'12.4(25e)JAP1n',
'15.6(1)T0a',
'15.5(3)S2',
'15.3(3)JBB7',
'15.6(2)SP',
'15.6(1)S1',
'15.3(3)JC30',
'15.6(1)T1',
'15.2(3)E2a',
'15.5(3)S0a',
'15.5(2)XB',
'15.3(3)S6a',
'15.3(3)S9',
'15.5(3)S3',
'15.5(3)M2a',
'15.5(3)S2a',
'15.3(3)JBB6a',
'15.5(3)M3',
'15.2(3)EX',
'15.4(3)S6',
'15.5(2)T4',
'15.3(3)JPB',
'15.6(3)M',
'15.6(1)S2',
'15.4(3)M6',
'15.5(1)S4',
'15.5(1)T4',
'15.3(3)JNP2',
'15.6(2)S0a',
'15.6(2)T1',
'15.4(3)S5a',
'15.5(3)S2b',
'15.6(1)S1a',
'15.6(1)T2',
'15.6(2)T0a',
'12.4(25e)JAP9',
'15.2(4)EC',
'15.5(2)S4',
'15.1(2)SG7a',
'15.5(3)S3a',
'15.3(3)JC50',
'15.3(3)JC51',
'15.6(2)S2',
'15.6(2)T2',
'15.3(3)JN10',
'15.2(4)EB',
'15.5(3)M4',
'15.5(3)S4',
'15.6(3)M1',
'15.4(3)S7',
'15.6(2)SP1',
'15.6(3)M0a',
'15.1(4)M12a',
'15.3(3)M8a',
'15.3(3)S8a',
'15.4(3)M6a',
'15.4(3)S6a',
'15.3(3)JPB2',
'15.5(3)S4a',
'15.5(3)M4a',
'15.5(3)S4b',
'15.2(2)E5b',
'15.6(1)S3',
'15.5(3)M4b',
'15.5(3)S5',
'15.2(5a)E1',
'15.5(3)M4c',
'15.6(2)SP1b',
'15.5(3)S4d',
'15.6(3)M1a',
'15.6(2)SP1c',
'15.6(3)M1b',
'15.6(2)SP2',
'15.2(4a)EA5',
'15.5(3)S4e',
'15.3(3)JPC3',
'15.3(3)JDA3',
'15.5(3)S5a',
'15.4(3)S6b',
'15.4(3)S7a',
'15.3(3)JNC4',
'15.4(3)M7a',
'15.5(3)S5b',
'15.6(2)S3',
'15.3(3)JC7',
'15.6(2)SP2a',
'15.3(3)JND2',
'15.3(3)JCA7',
'15.0(2)SQD7',
'15.3(3)JNP4',
'15.2(5)E2a',
'15.2(5)E2b',
'15.3(3)JE1',
'15.3(3)JN12',
'15.6(2)S4',
'15.3(3)JD7',
'15.3(3)JF1'
);
# Version gate: walk the affected-release list and stop at the first entry
# that equals the reported release exactly. No range or prefix matching is done.
foreach version (vuln_versions)
{
  if (version != ver) continue;

  flag++;
  break;
}
# Configuration gate. Entered only when the release matched and
# Host/local_checks_enabled is set; without local checks the version match
# alone decides the result.
if (flag && get_kb_item("Host/local_checks_enabled"))
{
  # Start over from "not affected" and re-flag only on configuration evidence.
  flag = 0;
  buf = cisco_command_kb_item("Host/Cisco/Config/show_run_|_include_ip_nat",
                              "show run | include ip nat");

  if (!check_cisco_result(buf))
  {
    # The output was rejected by check_cisco_result(). When
    # cisco_needs_enable() reports true (presumably: privileged access was
    # required), keep the finding and record that in `override`.
    # NOTE(review): any other failure leaves flag at 0, so a release on the
    # affected list is later audited as not vulnerable although its
    # configuration was never read -- treat such results with care.
    if (cisco_needs_enable(buf))
    {
      flag++;
      override++;
    }
  }
  else if (preg(multiline:TRUE, pattern:"ip nat", string:buf))
  {
    # Some "ip nat" line is present. The device is flagged unless the
    # configuration contains "no ip nat service ras".
    # NOTE(review): this second output is not passed through
    # check_cisco_result(); an empty or failed result contains no match and
    # therefore flags the device.
    buf = cisco_command_kb_item("Host/Cisco/Config/show_run_|_include_ip_nat_service_ras",
                                "show run | include ip nat service ras");
    if (!preg(multiline:TRUE, pattern:"no ip nat service ras", string:buf))
      flag++;
  }
}
# Outcome: audit the release as not vulnerable when nothing flagged it,
# otherwise raise the finding for Cisco bug CSCvc57217.
if (!flag)
{
  audit(AUDIT_INST_VER_NOT_VULN, "Cisco IOS software", ver);
}
else
{
  # `override` is passed through so the report can reflect that the
  # configuration could not be read.
  # NOTE(review): `cmds` names 'show running-config', which this script never
  # issues itself; only the two filtered 'show run | include ...' commands are
  # requested above. Presumably informational -- confirm.
  security_report_cisco(
    port     : 0,
    severity : SECURITY_HOLE,
    override : override,
    version  : ver,
    bug_id   : 'CSCvc57217',
    cmds     : make_list('show running-config', 'show run | include ip nat', 'show run | include ip nat service ras')
  );
}