code | #TRUSTED 37f5523f0590e8b6c0423d6632fb7c22a482c7a13374d970cafbebe24ac2aea5e72c436a032a9b844dac13d4410876f92aabdb96edb30381a002ebe96050b1f4db1b1475a508abbd6534da957fadc3972487e5ecf7141fbdc440a90076c9f7640b38824f1e68adf2c701854ecf3aec6278ba225bed8162c9b22d885688e940c056eb03031b6a94db2eafbd07552e63947bbadf06166662c2bdad321d146d95fb783a4d4be61170b446a9b06e414cbe2acfce19a861161982420bc7e502f8fd879a5f672a9130b6ba01ac5c1d778973b8a3c9657ee79a15f8d340dfc0e29196bc4573af953e3adc544b1511cd1a7dcc1973c670999346115bc0800f87fe4bcb1a64f654fd745ecca788187100b3a334db4d1b4df4a31a33278d4a172558d6ff8134db9085d1913e6588d2618b4f99addde0acf9c86bc655ebdc906a2c77be6254b08d313594aab1a2c9ed61082085ead42a5aa1408e9cb1eb733fd60ea3bc5be591a7f9ecb8f931ca072957686fb51b4c2d5f7f3d088c5eec2f307f05b8216851d3b8ec6c9173923c2c584fa906238474934cf6e34d0c354a4cf1f516521bc3871f8ebc53f8f5da793f0a5b8176287324cb31aec411623efd92f2e5505de6a886529557d50672f9484c7b6a6b8e712a82a36ea1aa14e567f8a07152f316b00a903cd646c7080128d5f661e183ff3b930a59191eee17c86bc1bd14e37b9b530073
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(124196);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29");
script_cve_id("CVE-2018-0177");
script_xref(name:"CISCO-BUG-ID", value:"CSCvd80714");
script_xref(name:"CISCO-SA", value:"cisco-sa-20180328-ipv4");
script_name(english:"Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability");
script_summary(english:"Checks the version of Cisco IOS XE Software");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is
affected by a vulnerability in the IP Version 4 (IPv4) processing code
of Cisco IOS XE Software running on Cisco Catalyst 3850 and
Cisco Catalyst 3650 Series Switches could allow an unauthenticated,
remote attacker to cause high CPU utilization, traceback messages,
or a reload of an affected device that leads to a denial of service
(DoS) condition.
The vulnerability is due to incorrect processing
of certain IPv4 packets. An attacker could exploit this vulnerability
by sending specific IPv4 packets to an IPv4 address on an affected
device. A successful exploit could allow the attacker to cause high
CPU utilization, traceback messages, or a reload of the affected
device that leads to a DoS condition. If the switch does not reboot
when under attack, it would require manual intervention to reload
the device.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a61dfafd");
# https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd80714
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?00b9b268");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvd80714");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0177");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/28");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version", "Host/Cisco/IOS-XE/Model");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
product_info = cisco::get_product_info(name:"Cisco IOS XE Software");
device_model = get_kb_item_or_exit('Host/Cisco/device_model');
model = get_kb_item('Host/Cisco/IOS-XE/Model');
if( device_model !~ 'cat' || (model !~ '3850' && model !~ '3650')) audit(AUDIT_HOST_NOT, "affected");
version_list=make_list(
'3.18.3bSP',
'16.1.1',
'16.1.2',
'16.1.3',
'16.2.1',
'16.2.2',
'16.3.1',
'16.3.2',
'16.3.3',
'16.3.1a',
'16.4.1',
'16.4.2',
'16.4.3',
'16.5.1',
'16.5.1b'
);
reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCvd80714'
);
cisco::check_and_report(product_info:product_info, reporting:reporting, vuln_versions:version_list);
|