CVE-2018-15377 - Memory Leak vulnerability in Cisco IOS 15.7(3.1S)M/Denali16.3.6/Everest16.5.1
Summary
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 3 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: CISCO
- NASL id: CISCO-SA-20180926-PNP-MEMLEAK-IOS.NASL
- description: According to its self-reported version, Cisco IOS is affected by a memory leak vulnerability in the Cisco Network Plug and Play agent due to insufficient input validation. An unauthenticated, remote attacker can exploit this, by sending invalid data to the Cisco Network Plug and Play agent on an affected device, to cause a memory leak on an affected device, causing it to reload. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 132048
- published: 2019-12-13
- reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/132048
- title: Cisco IOS Software Software Plug and Play Agent Memory Leak(cisco-sa-20180926-pnp-memleak)
- code:

```
#TRUSTED
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(132048);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/16");

  script_cve_id("CVE-2018-15377");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvi30136");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20180926-pnp-memleak");

  script_name(english:"Cisco IOS Software Software Plug and Play Agent Memory Leak(cisco-sa-20180926-pnp-memleak)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS is affected by a memory leak vulnerability in the Cisco Network Plug and Play agent due to insufficient input validation. An unauthenticated, remote attacker can exploit this, by sending invalid data to the Cisco Network Plug and Play agent on an affected device, to cause a memory leak on an affected device, causing it to reload. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f91b535a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi30136");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvi30136.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15377");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS');

version_list = make_list(
  '15.2(4)E', '15.2(4)E1', '15.2(4)E2', '15.2(4m)E1', '15.2(5)E', '15.2(4)E3', '15.2(5a)E', '15.2(5)E1',
  '15.2(5b)E', '15.2(4m)E3', '15.2(5c)E', '15.2(4n)E2', '15.2(4o)E2', '15.2(5a)E1', '15.2(4)E4', '15.2(5)E2',
  '15.2(4p)E1', '15.2(6)E', '15.2(5)E2b', '15.2(4)E5', '15.2(5)E2c', '15.2(4m)E2', '15.2(4o)E3', '15.2(4q)E1',
  '15.2(6)E0a', '15.2(6)E1', '15.2(4)E5a', '15.2(6)E0c', '15.2(4)E6', '15.2(6)E1a', '15.2(6)E1s', '15.2(4s)E1',
  '15.2(4s)E2', '15.2(5)EX', '15.5(3)S', '15.5(3)S1', '15.5(3)S1a', '15.5(3)S2', '15.5(3)S0a', '15.5(3)S3',
  '15.5(3)S4', '15.5(3)S5', '15.5(3)S6', '15.5(3)S6a', '15.5(3)S7', '15.5(3)S6b', '15.2(4)EA', '15.2(4)EA1',
  '15.2(4)EA3', '15.2(5)EA', '15.2(4)EA4', '15.2(4)EA2', '15.2(4)EA5', '15.2(4)EA6', '15.5(3)M', '15.5(3)M1',
  '15.5(3)M0a', '15.5(3)M2', '15.5(3)M2a', '15.5(3)M3', '15.5(3)M4', '15.5(3)M4a', '15.5(3)M5', '15.5(3)M4b',
  '15.5(3)M4c', '15.5(3)M6', '15.5(3)M5a', '15.5(3)M7', '15.5(3)M6a', '15.5(3)SN0a', '15.5(3)SN', '15.6(1)S',
  '15.6(2)S', '15.6(2)S1', '15.6(1)S1', '15.6(1)S2', '15.6(2)S2', '15.6(1)S3', '15.6(2)S3', '15.6(1)S4',
  '15.6(2)S4', '15.6(1)T', '15.6(2)T', '15.6(1)T0a', '15.6(1)T1', '15.6(2)T1', '15.6(1)T2', '15.6(2)T0a',
  '15.6(2)T2', '15.6(1)T3', '15.6(2)T3', '15.3(3)JC6', '15.3(3)JC8', '15.3(3)JC9', '15.3(3)JC14', '15.3(1)SY',
  '15.3(0)SY', '15.3(1)SY1', '15.3(1)SY2', '15.6(2)SP', '15.6(2)SP1', '15.6(2)SP2', '15.6(2)SP3', '15.6(2)SP4',
  '15.6(2)SP3b', '15.6(1)SN', '15.6(1)SN1', '15.6(2)SN', '15.6(1)SN2', '15.6(1)SN3', '15.6(3)SN', '15.6(4)SN',
  '15.6(5)SN', '15.6(6)SN', '15.6(7)SN', '15.6(7)SN1', '15.3(3)JD3', '15.3(3)JD4', '15.3(3)JD5', '15.3(3)JD6',
  '15.3(3)JD7', '15.3(3)JD8', '15.3(3)JD9', '15.3(3)JD11', '15.3(3)JD12', '15.3(3)JD13', '15.3(3)JD14', '15.3(3)JD15',
  '15.6(3)M', '15.6(3)M1', '15.6(3)M0a', '15.6(3)M1a', '15.6(3)M1b', '15.6(3)M2', '15.6(3)M2a', '15.6(3)M3',
  '15.6(3)M3a', '15.6(3)M4', '15.2(4)EC1', '15.2(4)EC2', '15.4(1)SY', '15.4(1)SY1', '15.4(1)SY2', '15.4(1)SY3',
  '15.4(1)SY4', '15.3(3)JE', '15.3(3)JDA15', '15.5(1)SY', '15.5(1)SY1', '15.3(3)JF', '15.3(3)JF1', '15.3(3)JF2',
  '15.3(3)JF4', '15.3(3)JF5', '15.3(3)JF6', '15.3(3)JF7', '15.7(3)M', '15.7(3)M1', '15.7(3)M0a', '15.3(3)JG',
  '15.3(3)JG1', '15.3(3)JH', '15.3(3)JH1', '15.3(3)JI', '12.2(6)I1'
);

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvi30136'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);
```
- NASL family: CISCO
- NASL id: CISCO-SA-20180926-PNP-MEMLEAK-IOSXE.NASL
- description: According to its self-reported version, Cisco IOS XE Software is affected by a memory leak vulnerability in the Cisco Network Plug and Play agent due to insufficient input validation. An unauthenticated, remote attacker can exploit this, by sending invalid data to the Cisco Network Plug and Play agent on an affected device, to cause a memory leak on an affected device, causing it to reload. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 132049
- published: 2019-12-13
- reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/132049
- title: Cisco IOS XE Software Software Plug and Play Agent Memory Leak(cisco-sa-20180926-pnp-memleak)
- code:

```
#TRUSTED
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(132049);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/16");

  script_cve_id("CVE-2018-15377");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvi30136");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20180926-pnp-memleak");

  script_name(english:"Cisco IOS XE Software Software Plug and Play Agent Memory Leak(cisco-sa-20180926-pnp-memleak)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is affected by a memory leak vulnerability in the Cisco Network Plug and Play agent due to insufficient input validation. An unauthenticated, remote attacker can exploit this, by sending invalid data to the Cisco Network Plug and Play agent on an affected device, to cause a memory leak on an affected device, causing it to reload. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f91b535a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi30136");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvi30136.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-15377");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

version_list = make_list(
  '3.16.0S', '3.16.1S', '3.16.0aS', '3.16.1aS', '3.16.2S', '3.16.2aS', '3.16.0bS', '3.16.0cS',
  '3.16.3S', '3.16.2bS', '3.16.3aS', '3.16.4S', '3.16.4aS', '3.16.4bS', '3.16.4gS', '3.16.5S',
  '3.16.4cS', '3.16.4dS', '3.16.4eS', '3.16.6S', '3.16.5aS', '3.16.5bS', '3.16.7S', '3.16.6bS',
  '3.16.7aS', '3.16.7bS', '3.17.0S', '3.17.1S', '3.17.2S', '3.17.1aS', '3.17.3S', '3.17.4S',
  '16.1.1', '16.1.2', '16.1.3', '16.2.1', '16.2.2', '3.8.0E', '3.8.1E', '3.8.2E',
  '3.8.3E', '3.8.4E', '3.8.5E', '3.8.5aE', '3.8.6E', '16.3.1', '16.3.2', '16.3.3',
  '16.3.1a', '16.3.4', '16.3.5', '16.3.5b', '16.3.6', '16.4.1', '16.4.2', '16.4.3',
  '16.5.1', '16.5.1a', '16.5.1b', '16.5.2', '16.5.3', '3.18.0aS', '3.18.0S', '3.18.1S',
  '3.18.2S', '3.18.3S', '3.18.4S', '3.18.0SP', '3.18.1SP', '3.18.1aSP', '3.18.1gSP', '3.18.1bSP',
  '3.18.1cSP', '3.18.2SP', '3.18.1hSP', '3.18.2aSP', '3.18.1iSP', '3.18.3SP', '3.18.4SP', '3.18.3aSP',
  '3.18.3bSP', '3.9.0E', '3.9.1E', '3.9.2E', '3.9.2bE', '16.6.1', '16.6.2', '16.6.3',
  '16.7.1', '16.7.1a', '16.7.1b', '16.8.1', '16.8.1a', '16.8.1b', '16.8.1s', '16.8.1c',
  '3.10.0E', '3.10.1E', '3.10.0cE', '3.10.1aE', '3.10.1sE'
);

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvi30136'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);
```
References
- https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak