CVE-2019-12652 - Unspecified vulnerability in Cisco IOS 15.2(3)E1/15.2(4)E3

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: network, low complexity, cisco, nessus

Summary

A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device.

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20190925-CAT4000-TCP-DOS.NASL
description: According to its self-reported version, Cisco IOS Software is affected by following vulnerability: - A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. (CVE-2019-12652) Please see the included Cisco BIDs and Cisco Security Advisory for more information.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 129558
published: 2019-10-04
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/129558
title: Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability (cisco-sa-20190925-cat4000-tcp-dos)
code:
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(129558);
  script_version("1.9");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2019-12652");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvk66730");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190925-cat4000-tcp-dos");
  script_xref(name:"IAVA", value:"2019-A-0354");

  script_name(english:"Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability (cisco-sa-20190925-cat4000-tcp-dos)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS Software is affected by following vulnerability:

  - A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series
    Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an
    affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed
    to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by
    sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run
    out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a
    DoS condition. (CVE-2019-12652)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f0feb22");
  script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72547");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk66730");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvk66730");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12652");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS');

# Check if Catalyst
if ('catalyst' >!< tolower(product_info.model) && product_info.model !~ "C[0-9]{4}")
  audit(AUDIT_HOST_NOT, "affected");

# Check model number
if (product_info.model !~ "4\d\d\d($|[^\d])")
  audit(AUDIT_HOST_NOT, "affected");

version_list = make_list(
  '15.2(4)E8',
  '15.2(4)E7',
  '15.2(4)E6',
  '15.2(4)E5a',
  '15.2(4)E5',
  '15.2(4)E4',
  '15.2(4)E3',
  '15.2(4)E2',
  '15.2(4)E1',
  '15.2(4)E',
  '15.2(3)E5',
  '15.2(3)E4',
  '15.2(3)E3',
  '15.2(3)E2',
  '15.2(3)E1',
  '15.2(3)E',
  '15.2(2b)E',
  '15.2(2)E9a',
  '15.2(2)E9',
  '15.2(2)E8',
  '15.2(2)E7b',
  '15.2(2)E7',
  '15.2(2)E6',
  '15.2(2)E5b',
  '15.2(2)E5a',
  '15.2(2)E5',
  '15.2(2)E4',
  '15.2(2)E3',
  '15.2(2)E2',
  '15.2(2)E10',
  '15.2(2)E1',
  '15.2(2)E',
  '15.2(1)E3',
  '15.2(1)E1',
  '15.2(1)E',
  '15.1(2)SG8',
  '15.1(2)SG7',
  '15.1(2)SG6',
  '15.1(2)SG5',
  '15.1(2)SG4',
  '15.1(2)SG3',
  '15.1(2)SG2',
  '15.1(2)SG1',
  '15.1(2)SG',
  '15.1(1)SG2',
  '15.1(1)SG1',
  '15.1(1)SG',
  '15.0(2)XO',
  '15.0(2)SG9',
  '15.0(2)SG8',
  '15.0(2)SG7',
  '15.0(2)SG6',
  '15.0(2)SG5',
  '15.0(2)SG4',
  '15.0(2)SG3',
  '15.0(2)SG2',
  '15.0(2)SG11a',
  '15.0(2)SG11',
  '15.0(2)SG10',
  '15.0(2)SG1',
  '15.0(2)SG',
  '15.0(2)EX8',
  '15.0(2)EX2',
  '15.0(1)XO1',
  '15.0(1)XO'
);

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvk66730'
);

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);