Vulnerabilities > CVE-2018-0473 - Unspecified vulnerability in Cisco IOS 15.2(4)E/15.2(5)

047910
CVSS 8.6 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
nessus

Summary

A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.

Vulnerable Configurations

Part Description Count
OS
Cisco
2

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20180926-PTP.NASL
description: According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
last seen: 2020-04-30
modified: 2018-10-05
plugin id: 117953
published: 2018-10-05
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117953
title: Cisco IOS Software PTP DoS Vulnerability (cisco-sa-20180926-ptp)
code
#TRUSTED 680d390a04694b42b7c1d1aecafe3d3f970b2a41af2258e8fb5f3f396828eead3ef3c8be06e97cc6cfbb6927eb5668c9d733c28d1e8afbb94f44bae30f5a30873a37897f9badec653c24d04aca1ce988a002809c6076e62457599073507afd53f6a1486a1a019d0ac7a56b39ef1a683363edd644336543109427c131a6f6244e1ac3610c5fae74acb908f7353fe21a9a933cfe141c91afae41bd71112431747c3d27674a968ca5beb588d91f2933051897a568e669690c6eb1053d6fd1993d1db166e404b9ab1e83ead2641609e1977d6b003114d1a3f235c7aae1c98e62a74913c175bccf78aacdd411bc1ae29b7aaac3f705f7bb78319c1a2edfd9e7ef6d2307fe16e637d4eb116bb3f343f4fb2eeb7df6d4cb1af8ed1e27818be171992c8255fb6c76cdb7c67411c286a8f94688358d9cce208c0497124206bdc46bb0ed26e233666525e2b5dd3b740914763616d6b1571482abef8a4cfc628d73feb2062f4013dd3f18ce1527b39bdd4741aa1307637c2e038d94a249be9fab77a6f6f40d8d0d9a7435571e419e2f48a7a59c6916645685dbbd7aaba1d972b1e34270cc107853f01ecb9710b5137d8e96414db2162073b523e5e7133e6e083ea81601082759faff0f97f146b3c1c75d511e5805792eb5c06288756afe0c73e54bad1b1c3390a1079944f7406c1e2239c087aa408875b454b6b0b25f7e38ba24cdb8f9156e
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

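# Plugin registration block. When `description` is set, only this metadata is
# declared and the script exits (exit(0) below) before any check logic runs.
# NOTE(review): the file starts with a #TRUSTED signature line; any change to
# the script body, including the CPE correction below, presumably requires the
# plugin to be re-signed - confirm with the plugin owner.
if (description)
{
  script_id(117953);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/27");

  # Identifiers that tie a finding back to the CVE, the two Cisco bug IDs and
  # the Cisco advisory.
  script_cve_id("CVE-2018-0473");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvf94015");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvh77659");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20180926-ptp");
  script_xref(name:"IAVA", value:"2018-A-0312");

  script_name(english:"Cisco IOS Software PTP DoS Vulnerability (cisco-sa-20180926-ptp)");
  script_summary(english:"Checks the IOS version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IOS is affected
by one or more vulnerabilities. Please see the included Cisco BIDs
and the Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2643cbd3");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf94015");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh77659");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvf94015 and CSCvh77659.");
  # Both scoring systems describe an unauthenticated network attack with an
  # availability-only impact: partial (A:P) in CVSS v2, high with changed
  # scope (S:C, A:H) in CVSS v3.0.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0473");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/05");

  # "local" plugin: the result is derived from the self-reported version and
  # model held in the KB keys required below, not from probing PTP itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # Fixed: the CPE previously read "cpe:/o:cpe:/o:cisco:ios", a duplicated
  # prefix that is not a valid CPE URI and would not match asset inventories
  # keyed on cpe:/o:cisco:ios.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check needs the IOS version and model in the KB; presumably
  # cisco_ios_version.nasl is the plugin that populates them - confirm.
  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version", "Host/Cisco/IOS/Model");

  exit(0);
}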

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");
include("lists.inc");

# Product details for "Cisco IOS" as returned by the cisco:: helper, with the
# model field then set from the Host/Cisco/IOS/Model KB entry.
# NOTE(review): get_kb_item_or_exit presumably ends the script when the key is
# missing, so a host without a recorded model is never evaluated - confirm.
product_info = cisco::get_product_info(name:"Cisco IOS");
product_info.model = get_kb_item_or_exit("Host/Cisco/IOS/Model");

# Model-name patterns used to gate the check; the version comparison below
# only runs when product_info.model matches one of them.
# The entries are used as regular expressions (the comparator at the end of
# the script applies =~) and carry no ^ anchor, so a pattern can match
# anywhere in the model string, not only at its start.
vuln_models = make_list(
  "CGS-25[0-9]{2}-",
  "IE-2000-",
  "IE-2000U-",
  "IE-3000-",
  "IE-3010-",
  "IE-4000-",
  "IE-4010-",
  "IE-5000-"
);

# IOS release strings passed to cisco::check_and_report as vuln_versions.
# NOTE(review): this is an enumerated list, not a version range, so a release
# that is not listed would presumably not be reported even if it predates the
# fix - confirm against check_and_report and the Cisco advisory.
version_list = make_list(
  "12.2(55)SE",
  "12.2(46)SE2",
  "12.2(50)SE2",
  "12.2(50)SE1",
  "12.2(50)SE5",
  "12.2(55)SE3",
  "12.2(52)SE",
  "12.2(58)SE",
  "12.2(50)SE3",
  "12.2(52)SE1",
  "12.2(46)SE1",
  "12.2(50)SE4",
  "12.2(50)SE",
  "12.2(58)SE1",
  "12.2(55)SE4",
  "12.2(58)SE2",
  "12.2(55)SE5",
  "12.2(55)SE6",
  "12.2(55)SE7",
  "12.2(55)SE9",
  "12.2(55)SE10",
  "12.2(55)SE11",
  "12.2(55)SE12",
  "12.2(53)EZ",
  "15.0(1)EY",
  "15.0(1)EY2",
  "15.0(2)EY",
  "15.0(2)EY1",
  "15.0(2)EY2",
  "15.0(2)EY3",
  "15.0(2)SE",
  "15.0(2)SE1",
  "15.0(2)SE2",
  "15.0(2)SE3",
  "15.0(2)SE4",
  "15.0(2)SE5",
  "15.0(2)SE6",
  "15.0(2)SE7",
  "15.0(2)SE8",
  "15.0(2)SE9",
  "15.0(2)SE10",
  "15.0(2)SE11",
  "15.0(2)SE10a",
  "15.0(2)EX2",
  "15.0(2)EX8",
  "15.2(2)E",
  "15.2(2)E1",
  "15.2(2b)E",
  "15.2(3)E1",
  "15.2(2)E2",
  "15.2(2)E3",
  "15.2(3)E2",
  "15.2(3)E3",
  "15.2(2)E4",
  "15.2(2)E5",
  "15.2(3)E4",
  "15.2(5)E",
  "15.2(2)E6",
  "15.2(5)E1",
  "15.2(2)E5a",
  "15.2(3)E5",
  "15.2(2)E5b",
  "15.2(5a)E1",
  "15.2(2)E7",
  "15.2(5)E2",
  "15.2(6)E",
  "15.2(5)E2b",
  "15.2(5)E2c",
  "15.2(2)E8",
  "15.2(6)E0a",
  "15.2(2)E7b",
  "15.2(6)E0c",
  "15.2(4)E8",
  "15.2(1)EY",
  "15.0(2)EH",
  "15.0(2)EK",
  "15.0(2)EK1",
  "15.2(2)EB",
  "15.2(2)EB1",
  "15.2(2)EB2",
  "15.2(2)EA",
  "15.2(2)EA2",
  "15.2(3)EA",
  "15.2(3)EA1",
  "15.2(4)EA",
  "15.2(4)EA1",
  "15.2(2)EA3",
  "15.2(4)EA3",
  "15.2(5)EA",
  "15.2(4)EA4",
  "15.2(4)EA2",
  "15.2(4)EA5",
  "15.2(4a)EA5",
  "15.2(4)EC1",
  "15.2(4)EC2",
  "15.1(3)SVK4b",
  "15.3(3)JI"
  );

# Workaround check taken from the 'ptp_clock' entry of CISCO_WORKAROUNDS; it
# is given no parameters (workaround_params is an empty list).
# NOTE(review): presumably this inspects the device configuration to see
# whether PTP is in use, so hosts with PTP disabled are not reported - confirm
# in cisco_workarounds.inc. If the configuration cannot be read, verify how
# check_and_report treats the result.
workarounds = make_list(CISCO_WORKAROUNDS['ptp_clock']);
workaround_params = make_list();

# Fields handed to cisco::check_and_report for the finding: port 0, severity
# SECURITY_HOLE, the version from product_info, both Cisco bug IDs, and
# "show ptp clock" as the command listed under 'cmds'.
# NOTE(review): 'cmds' presumably names the command whose output backs the
# workaround check - confirm against check_and_report.
reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , "CSCvf94015 and CSCvh77659",
  'cmds'     , make_list("show ptp clock")
);

# Gate on the hardware model first: the version/workaround check runs only
# when product_info.model matches an entry of vuln_models; any other model is
# audited as not vulnerable.
# The comparator applies =~ between its two arguments - presumably the model
# string and one pattern from the list; confirm against collib::contains.
if (collib::contains(
      compare:function () { return _FCT_ANON_ARGS[0] =~ _FCT_ANON_ARGS[1]; },
      item:product_info.model,
      list:vuln_models))
{
  cisco::check_and_report(
    product_info:product_info,
    workarounds:workarounds,
    workaround_params:workaround_params,
    reporting:reporting,
    vuln_versions:version_list
  );
}
else
{
  audit(AUDIT_DEVICE_NOT_VULN, product_info.model);
}