Vulnerabilities > CVE-2019-12654 - NULL Pointer Dereference vulnerability in Cisco IOS XE 15.6(1)S4.2/16.3.8/16.9.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
CWE-476
nessus

Summary

A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: CISCO
    NASL id: CISCO-SA-20190925-SIP-DOS-IOS.NASL
    description: A denial of service (DoS) vulnerability exists in the Session Initiation Protocol (SIP) component of Cisco IOS due to insufficient checks on an internal data structure which is populated with user submitted data. An unauthenticated, remote attacker can exploit this issue to force a restart of the system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129694
    published: 2019-10-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129694
    title: Cisco IOS Denial of Service Vulnerability (cisco-sa-20190925-sip-dos)
    code
    #TRUSTED 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
    #
    # (C) Tenable Network Security, Inc.
    #
    include('compat.inc');
    
    # Metadata-only branch: when the engine sets `description`, the plugin
    # registers its identifiers and attributes and exits before any check runs.
    if (description)
    {
      script_id(129694);
      script_version("1.8");
      script_cvs_date("Date: 2020/01/09");
    
      # Cross-references: the CVE, the Cisco bug and advisory IDs, and the IAVA notice.
      script_cve_id("CVE-2019-12654");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn00218");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20190925-sip-dos");
      script_xref(name:"IAVA", value:"2019-A-0354");
    
      script_name(english:"Cisco IOS Denial of Service Vulnerability (cisco-sa-20190925-sip-dos)");
      # The finding is derived from the IOS version string only; no SIP traffic is sent.
      script_summary(english:"Checks the IOS version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "A denial of service (DoS) vulnerability exists in the Session 
      Initiation Protocol (SIP) component of Cisco IOS due to insufficient checks on an internal data structure which 
      is populated with user submitted data. An unauthenticated, remote attacker can exploit this issue to force a restart
      of the system.");
      # https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn00218
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6e59804f");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0995245");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID(s)CSCvn00218.");
      # Scoring: network-reachable, no authentication or privileges, availability impact only
      # (C:N/I:N in both vectors). Temporal E:U records that no exploit was known.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12654");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      # CWE-476: NULL pointer dereference.
      script_cwe_id(476);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/08");
    
      # "local" plugin type: the verdict relies on data gathered from the device itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CISCO");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check depends on the version collected by cisco_ios_version.nasl and is
      # gated on the knowledge-base key below.
      # NOTE(review): presumably that key is only populated on a credentialed scan, so
      # an unauthenticated scan would not report this issue - confirm.
      script_dependencies("cisco_ios_version.nasl");
      script_require_keys("Host/Cisco/IOS/Version");
    
      # Registration is complete; nothing below this block runs in description mode.
      exit(0);
    }
    
    include('ccf.inc');
    include('cisco_workarounds.inc');
    
    # Product details for the scanned device, looked up under the name 'Cisco IOS'.
    # The 'version' field is reused in the report below.
    product_info = cisco::get_product_info(name:'Cisco IOS');
    
    # IOS releases this plugin treats as affected; handed to the helper as vuln_versions.
    # NOTE(review): the list is static, so a release absent from it is not reported.
    # Compare against the current cisco-sa-20190925-sip-dos advisory before relying on
    # a clean result.
    version_list = make_list(
      '15.0(1)XA2',
      '15.0(1)XA4',
      '15.0(1)XA1',
      '15.0(1)XA3',
      '15.0(1)XA',
      '15.0(1)XA5',
      '15.1(2)T',
      '15.1(1)T4',
      '15.1(3)T2',
      '15.1(1)T1',
      '15.1(2)T0a',
      '15.1(3)T3',
      '15.1(1)T3',
      '15.1(2)T3',
      '15.1(2)T4',
      '15.1(1)T2',
      '15.1(3)T',
      '15.1(2)T2a',
      '15.1(3)T1',
      '15.1(1)T',
      '15.1(2)T2',
      '15.1(2)T1',
      '15.1(2)T5',
      '15.1(3)T4',
      '15.1(1)T5',
      '15.1(1)XB',
      '15.1(1)XB3',
      '15.1(1)XB1',
      '15.1(1)XB2',
      '15.1(4)XB4',
      '15.1(4)XB5',
      '15.1(4)XB6',
      '15.1(4)XB5a',
      '15.1(4)XB7',
      '15.1(4)XB8',
      '15.1(4)XB8a',
      '15.0(1)S2',
      '15.0(1)S1',
      '15.0(1)S',
      '15.0(1)S3a',
      '15.0(1)S4',
      '15.0(1)S5',
      '15.0(1)S4a',
      '15.0(1)S6',
      '15.2(1)S',
      '15.2(2)S',
      '15.2(1)S1',
      '15.2(4)S',
      '15.2(1)S2',
      '15.2(2)S1',
      '15.2(2)S2',
      '15.2(2)S0a',
      '15.2(2)S0c',
      '15.2(2)S0d',
      '15.2(4)S1',
      '15.2(4)S4',
      '15.2(4)S6',
      '15.2(4)S2',
      '15.2(4)S5',
      '15.2(4)S3',
      '15.2(4)S0c',
      '15.2(4)S1c',
      '15.2(4)S3a',
      '15.2(4)S4a',
      '15.2(4)S7',
      '15.2(4)S8',
      '15.3(1)T',
      '15.3(2)T',
      '15.3(1)T1',
      '15.3(1)T2',
      '15.3(1)T3',
      '15.3(1)T4',
      '15.3(2)T1',
      '15.3(2)T2',
      '15.3(2)T3',
      '15.3(2)T4',
      '15.1(2)S',
      '15.1(1)S',
      '15.1(1)S1',
      '15.1(3)S',
      '15.1(1)S2',
      '15.1(2)S1',
      '15.1(2)S2',
      '15.1(3)S1',
      '15.1(3)S0a',
      '15.1(3)S2',
      '15.1(3)S4',
      '15.1(3)S3',
      '15.1(3)S5',
      '15.1(3)S6',
      '15.1(3)S5a',
      '15.1(3)S7',
      '15.1(4)M3',
      '15.1(4)M',
      '15.1(4)M1',
      '15.1(4)M2',
      '15.1(4)M6',
      '15.1(4)M5',
      '15.1(4)M4',
      '15.1(4)M0a',
      '15.1(4)M0b',
      '15.1(4)M7',
      '15.1(4)M3a',
      '15.1(4)M10',
      '15.1(4)M8',
      '15.1(4)M9',
      '15.1(4)M12a',
      '15.1(2)GC',
      '15.1(2)GC1',
      '15.1(2)GC2',
      '15.1(4)GC',
      '15.1(4)GC1',
      '15.1(4)GC2',
      '15.0(1)MR',
      '15.0(2)MR',
      '15.2(4)M',
      '15.2(4)M1',
      '15.2(4)M2',
      '15.2(4)M4',
      '15.2(4)M3',
      '15.2(4)M5',
      '15.2(4)M8',
      '15.2(4)M10',
      '15.2(4)M7',
      '15.2(4)M6',
      '15.2(4)M9',
      '15.2(4)M6b',
      '15.2(4)M6a',
      '15.2(4)M11',
      '15.2(1)GC',
      '15.2(1)GC1',
      '15.2(1)GC2',
      '15.2(2)GC',
      '15.2(3)GC',
      '15.2(3)GC1',
      '15.2(4)GC',
      '15.2(4)GC1',
      '15.2(4)GC2',
      '15.2(4)GC3',
      '15.3(1)S',
      '15.3(2)S',
      '15.3(3)S',
      '15.3(1)S2',
      '15.3(1)S1',
      '15.3(2)S2',
      '15.3(2)S1',
      '15.3(1)S1e',
      '15.3(3)S1',
      '15.3(3)S2',
      '15.3(3)S3',
      '15.3(3)S6',
      '15.3(3)S4',
      '15.3(3)S1a',
      '15.3(3)S5',
      '15.3(3)S2a',
      '15.3(3)S7',
      '15.3(3)S8',
      '15.3(3)S6a',
      '15.3(3)S9',
      '15.3(3)S10',
      '15.3(3)S8a',
      '15.4(1)T',
      '15.4(2)T',
      '15.4(1)T2',
      '15.4(1)T1',
      '15.4(1)T3',
      '15.4(2)T1',
      '15.4(2)T3',
      '15.4(2)T2',
      '15.4(1)T4',
      '15.4(2)T4',
      '15.1(3)MRA',
      '15.1(3)MRA1',
      '15.1(3)MRA2',
      '15.1(3)MRA3',
      '15.1(3)MRA4',
      '15.1(3)SVB1',
      '15.1(3)SVB2',
      '15.2(2)JB1',
      '15.2(2)JB',
      '15.2(2)JB2',
      '15.2(4)JB',
      '15.2(2)JB3',
      '15.2(4)JB1',
      '15.2(4)JB2',
      '15.2(4)JB3',
      '15.2(4)JB3a',
      '15.2(2)JB4',
      '15.2(4)JB4',
      '15.2(4)JB3h',
      '15.2(4)JB3b',
      '15.2(4)JB3s',
      '15.2(4)JB5h',
      '15.2(4)JB5',
      '15.2(4)JB5m',
      '15.2(4)JB6',
      '15.2(2)JB5',
      '15.2(2)JB6',
      '15.4(1)S',
      '15.4(2)S',
      '15.4(3)S',
      '15.4(1)S1',
      '15.4(1)S2',
      '15.4(2)S1',
      '15.4(1)S3',
      '15.4(3)S1',
      '15.4(2)S2',
      '15.4(3)S2',
      '15.4(3)S3',
      '15.4(1)S4',
      '15.4(2)S3',
      '15.4(2)S4',
      '15.4(3)S0d',
      '15.4(3)S4',
      '15.4(3)S0e',
      '15.4(3)S5',
      '15.4(3)S0f',
      '15.4(3)S6',
      '15.4(3)S7',
      '15.4(3)S6a',
      '15.4(3)S8',
      '15.4(3)S9',
      '15.4(3)S10',
      '15.2(2)JAX',
      '15.2(2)JAX1',
      '15.3(3)M',
      '15.3(3)M1',
      '15.3(3)M2',
      '15.3(3)M3',
      '15.3(3)M5',
      '15.3(3)M4',
      '15.3(3)M6',
      '15.3(3)M7',
      '15.3(3)M8',
      '15.3(3)M9',
      '15.3(3)M10',
      '15.3(3)M8a',
      '15.2(4)JN',
      '15.2(1)SC1a',
      '15.2(2)SC',
      '15.2(2)SC1',
      '15.2(2)SC3',
      '15.2(2)SC4',
      '15.1(3)SVD',
      '15.1(3)SVD1',
      '15.1(3)SVD2',
      '15.1(3)SVD3',
      '15.1(3)SVF',
      '15.1(3)SVF1',
      '15.1(3)SVF2',
      '15.1(3)SVF2a',
      '15.1(3)SVF4b',
      '15.1(3)SVF4d',
      '15.1(3)SVF4e',
      '15.1(3)SVF4f',
      '15.1(3)SVF4c',
      '15.1(3)SVE',
      '15.4(3)M',
      '15.4(3)M1',
      '15.4(3)M2',
      '15.4(3)M3',
      '15.4(3)M4',
      '15.4(3)M5',
      '15.4(3)M6',
      '15.4(3)M7',
      '15.4(3)M6a',
      '15.4(3)M7a',
      '15.4(3)M8',
      '15.4(3)M9',
      '15.4(3)M10',
      '15.2(1)SD1',
      '15.2(1)SD2',
      '15.2(1)SD3',
      '15.2(1)SD4',
      '15.2(1)SD6',
      '15.2(1)SD6a',
      '15.2(1)SD7',
      '15.2(1)SD8',
      '15.2(4)JAZ',
      '15.2(4)JAZ1',
      '15.3(3)XB12',
      '15.4(1)CG',
      '15.4(1)CG1',
      '15.4(2)CG',
      '15.5(1)S',
      '15.5(2)S',
      '15.5(1)S1',
      '15.5(3)S',
      '15.5(1)S2',
      '15.5(1)S3',
      '15.5(2)S1',
      '15.5(2)S2',
      '15.5(3)S1',
      '15.5(3)S1a',
      '15.5(2)S3',
      '15.5(3)S2',
      '15.5(3)S0a',
      '15.5(3)S3',
      '15.5(1)S4',
      '15.5(2)S4',
      '15.5(3)S4',
      '15.5(3)S5',
      '15.5(3)S6',
      '15.5(3)S6a',
      '15.5(3)S7',
      '15.5(3)S6b',
      '15.5(3)S8',
      '15.5(3)S9',
      '15.1(3)SVG',
      '15.1(3)SVG2',
      '15.1(3)SVG3',
      '15.1(3)SVG1b',
      '15.1(3)SVG1c',
      '15.1(3)SVG3a',
      '15.1(3)SVG3b',
      '15.1(3)SVG3c',
      '15.1(3)SVG2a',
      '15.1(3)SVG1a',
      '15.5(1)T',
      '15.5(1)T1',
      '15.5(2)T',
      '15.5(1)T2',
      '15.5(1)T3',
      '15.5(2)T1',
      '15.5(2)T2',
      '15.5(2)T3',
      '15.5(2)T4',
      '15.5(1)T4',
      '15.4(2)SN',
      '15.4(2)SN1',
      '15.4(3)SN1',
      '15.4(3)SN1a',
      '15.3(3)JN',
      '15.3(3)JN1',
      '15.3(3)JN2',
      '15.3(3)JN3',
      '15.3(3)JN4',
      '15.3(3)JN6',
      '15.3(3)JN7',
      '15.3(3)JN8',
      '15.3(3)JN9',
      '15.3(3)JN11',
      '15.3(3)JN13',
      '15.3(3)JN14',
      '15.3(3)JN15',
      '15.1(3)SVH',
      '15.1(3)SVH2',
      '15.1(3)SVH4',
      '15.1(3)SVH4a',
      '15.5(3)M',
      '15.5(3)M1',
      '15.5(3)M0a',
      '15.5(3)M2',
      '15.5(3)M2a',
      '15.5(3)M3',
      '15.5(3)M4',
      '15.5(3)M4a',
      '15.5(3)M5',
      '15.5(3)M4b',
      '15.5(3)M4c',
      '15.5(3)M6',
      '15.5(3)M5a',
      '15.5(3)M7',
      '15.5(3)M6a',
      '15.5(3)M8',
      '15.5(3)M9',
      '15.3(3)JA',
      '15.3(3)JA1n',
      '15.3(3)JA1m',
      '15.3(3)JA1',
      '15.3(3)JA2',
      '15.3(3)JA3',
      '15.3(3)JA4',
      '15.3(3)JA5',
      '15.3(3)JA6',
      '15.3(3)JA7',
      '15.3(3)JA8',
      '15.3(3)JA10',
      '15.3(3)JA11',
      '15.3(3)JA12',
      '15.3(3)JAA',
      '15.3(3)JAA11',
      '15.3(3)JAA1',
      '15.3(3)JAA12',
      '15.3(3)JAB',
      '15.3(3)JB',
      '15.5(1)SN',
      '15.5(1)SN1',
      '15.5(2)SN',
      '15.5(3)SN0a',
      '15.5(3)SN',
      '15.6(1)S',
      '15.6(2)S',
      '15.6(2)S1',
      '15.6(1)S1',
      '15.6(1)S2',
      '15.6(2)S2',
      '15.6(1)S3',
      '15.6(2)S3',
      '15.6(1)S4',
      '15.6(2)S4',
      '15.1(3)SVI2',
      '15.1(3)SVI1a',
      '15.1(3)SVI2a',
      '15.1(3)SVI3',
      '15.1(3)SVI31a',
      '15.1(3)SVI31b',
      '15.1(3)SVI3b',
      '15.1(3)SVI3c',
      '15.6(1)T',
      '15.6(2)T',
      '15.6(1)T0a',
      '15.6(1)T1',
      '15.6(2)T1',
      '15.6(1)T2',
      '15.6(2)T0a',
      '15.6(2)T2',
      '15.6(1)T3',
      '15.6(2)T3',
      '15.3(3)JNB',
      '15.3(3)JNB1',
      '15.3(3)JNB2',
      '15.3(3)JNB3',
      '15.3(3)JNB4',
      '15.3(3)JNB6',
      '15.3(3)JNB5',
      '15.3(3)JAX',
      '15.3(3)JAX1',
      '15.3(3)JAX2',
      '15.3(3)JBB',
      '15.3(3)JBB1',
      '15.3(3)JBB2',
      '15.3(3)JBB4',
      '15.3(3)JBB5',
      '15.3(3)JBB6',
      '15.3(3)JBB8',
      '15.3(3)JBB6a',
      '15.3(3)JC',
      '15.3(3)JC1',
      '15.3(3)JC2',
      '15.3(3)JC3',
      '15.3(3)JC4',
      '15.3(3)JC5',
      '15.3(3)JC6',
      '15.3(3)JC8',
      '15.3(3)JC9',
      '15.3(3)JC14',
      '15.3(3)JNC',
      '15.3(3)JNC1',
      '15.3(3)JNC2',
      '15.3(3)JNC3',
      '15.3(3)JNC4',
      '15.3(3)JNP',
      '15.3(3)JNP1',
      '15.3(3)JNP3',
      '15.5(2)XB',
      '15.6(2)SP',
      '15.6(2)SP1',
      '15.6(2)SP2',
      '15.6(2)SP3',
      '15.6(2)SP4',
      '15.6(2)SP3b',
      '15.6(2)SP5',
      '15.6(2)SP6',
      '15.6(1)SN',
      '15.6(1)SN1',
      '15.6(2)SN',
      '15.6(1)SN2',
      '15.6(1)SN3',
      '15.6(3)SN',
      '15.6(4)SN',
      '15.6(5)SN',
      '15.6(6)SN',
      '15.6(7)SN',
      '15.6(7)SN1',
      '15.3(3)JPB',
      '15.3(3)JPB1',
      '15.3(3)JD',
      '15.3(3)JD2',
      '15.3(3)JD3',
      '15.3(3)JD4',
      '15.3(3)JD5',
      '15.3(3)JD6',
      '15.3(3)JD7',
      '15.3(3)JD8',
      '15.3(3)JD9',
      '15.3(3)JD11',
      '15.3(3)JD12',
      '15.3(3)JD13',
      '15.3(3)JD14',
      '15.3(3)JD16',
      '15.3(3)JD17',
      '15.6(3)M',
      '15.6(3)M1',
      '15.6(3)M0a',
      '15.6(3)M1a',
      '15.6(3)M1b',
      '15.6(3)M2',
      '15.6(3)M2a',
      '15.6(3)M3',
      '15.6(3)M3a',
      '15.6(3)M4',
      '15.6(3)M5',
      '15.6(3)M6',
      '15.6(3)M6a',
      '15.6(3)M6b',
      '15.1(3)SVJ',
      '15.1(3)SVJ2',
      '15.3(3)JPC',
      '15.3(3)JPC1',
      '15.3(3)JPC2',
      '15.3(3)JPC3',
      '15.3(3)JPC5',
      '15.3(3)JND',
      '15.3(3)JND1',
      '15.3(3)JND2',
      '15.3(3)JND3',
      '15.3(3)JE',
      '15.3(3)JPD',
      '15.3(3)JDA7',
      '15.3(3)JDA8',
      '15.3(3)JDA9',
      '15.3(3)JDA11',
      '15.3(3)JDA12',
      '15.3(3)JDA13',
      '15.3(3)JDA14',
      '15.3(3)JDA16',
      '15.3(3)JDA17',
      '15.3(3)JF',
      '15.3(3)JF1',
      '15.3(3)JF2',
      '15.3(3)JF4',
      '15.3(3)JF5',
      '15.3(3)JF6',
      '15.3(3)JF7',
      '15.3(3)JF8',
      '15.3(3)JF9',
      '15.3(3)JCA7',
      '15.3(3)JCA8',
      '15.3(3)JCA9',
      '15.7(3)M',
      '15.7(3)M1',
      '15.7(3)M0a',
      '15.7(3)M3',
      '15.7(3)M2',
      '15.7(3)M4',
      '15.7(3)M4a',
      '15.7(3)M4b',
      '15.3(3)JG',
      '15.3(3)JG1',
      '15.3(3)JH',
      '15.3(3)JH1',
      '15.3(3)JI1',
      '15.3(3)JI3',
      '15.3(3)JI4',
      '15.8(3)M',
      '15.8(3)M1',
      '15.8(3)M0a',
      '15.8(3)M0b',
      '15.8(3)M2',
      '15.8(3)M1a',
      '15.8(3)M2a',
      '15.3(3)JJ',
      '15.1(3)SVR'
    );
    
    # Configuration check: select the 'show_processes' entry from CISCO_WORKAROUNDS and
    # give it the pattern below.
    # NOTE(review): presumably this limits findings to devices whose process list shows
    # the SIP process, so a vulnerable release with SIP disabled is not flagged -
    # confirm against cisco_workarounds.inc.
    workarounds = make_list(CISCO_WORKAROUNDS['show_processes']);
    workaround_params = {'pat' : 'CCSIP_SPI_CONTRO'};
    
    # Report fields: port 0, SECURITY_HOLE severity, the detected version, the Cisco
    # bug ID, and the command associated with the configuration check.
    reporting = make_array(
      'port'     , 0,
      'severity' , SECURITY_HOLE,
      'version'  , product_info['version'],
      'bug_id'   , 'CSCvn00218',
      'cmds'     , make_list('show processes')
    );
    
    # Hand everything to the shared helper, which performs the comparison and reporting.
    cisco::check_and_report(
      product_info:product_info,
      workarounds:workarounds,
      workaround_params:workaround_params,
      reporting:reporting,
      vuln_versions:version_list
    );
    
  • NASL family: CISCO
    NASL id: CISCO-SA-20190925-SIP-DOS-IOSXE.NASL
    description: A denial of service (DoS) vulnerability exists in the Session Initiation Protocol (SIP) component of Cisco IOS XE due to insufficient checks on an internal data structure which is populated with user submitted data. An unauthenticated, remote attacker can exploit this issue to force a restart of the system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129695
    published: 2019-10-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129695
    title: Cisco IOS XE Denial of Service Vulnerability (cisco-sa-20190925-sip-dos)
    code
    #TRUSTED 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
    # (C) Tenable Network Security, Inc.
    #
    include('compat.inc');
    
    # Metadata-only branch: when the engine sets `description`, the plugin
    # registers its identifiers and attributes and exits before any check runs.
    if (description)
    {
      script_id(129695);
      script_version("1.9");
      script_cvs_date("Date: 2020/01/09");
    
      # Cross-references: the CVE, the Cisco bug and advisory IDs, and the IAVA notice.
      script_cve_id("CVE-2019-12654");
      script_xref(name:"CISCO-BUG-ID", value:"CSCvn00218");
      script_xref(name:"CISCO-SA", value:"cisco-sa-20190925-sip-dos");
      script_xref(name:"IAVA", value:"2019-A-0354");
    
      script_name(english:"Cisco IOS XE Denial of Service Vulnerability (cisco-sa-20190925-sip-dos)");
      # The finding is derived from the IOS XE version string only; no SIP traffic is sent.
      script_summary(english:"Checks the IOS XE version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch.");
      script_set_attribute(attribute:"description", value:
    "A denial of service (DoS) vulnerability exists in the Session 
      Initiation Protocol (SIP) component of Cisco IOS XE due to insufficient checks on an internal data structure which 
      is populated with user submitted data. An unauthenticated, remote attacker can exploit this issue to force a restart
      of the system.");
      # https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn00218
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6e59804f");
      # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0995245");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID(s)CSCvn00218.");
      # Scoring: network-reachable, no authentication or privileges, availability impact only
      # (C:N/I:N in both vectors). Temporal E:U records that no exploit was known.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12654");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      # CWE-476: NULL pointer dereference.
      script_cwe_id(476);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/08");
    
      # "local" plugin type: the verdict relies on data gathered from the device itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CISCO");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check depends on the version collected by cisco_ios_xe_version.nasl and is
      # gated on the knowledge-base key below.
      # NOTE(review): presumably that key is only populated on a credentialed scan, so
      # an unauthenticated scan would not report this issue - confirm.
      script_dependencies("cisco_ios_xe_version.nasl");
      script_require_keys("Host/Cisco/IOS-XE/Version");
    
      # Registration is complete; nothing below this block runs in description mode.
      exit(0);
    }
    
    include('ccf.inc');
    include('cisco_workarounds.inc');
    
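    # Product details for the scanned device, looked up under the name
    # 'Cisco IOS XE Software'. The 'version' field is reused in the report below.
    product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
    
    # IOS XE releases this plugin treats as affected; handed to the helper as vuln_versions.
    # Entries must be exact release strings with no surrounding whitespace: a padded
    # literal would presumably never equal the version reported by the device, which
    # would silently hide an affected release (comparison logic lives in ccf.inc).
    # NOTE(review): the list is static, so a release absent from it is not reported.
    # Compare against the current cisco-sa-20190925-sip-dos advisory before relying on
    # a clean result.
    version_list = make_list(
      '3.7.0S',
      '3.7.1S',
      '3.7.2S',
      '3.7.3S',
      '3.7.4S',
      '3.7.5S',
      '3.7.6S',
      '3.7.7S',
      '3.7.8S',
      '3.7.4aS',
      '3.7.2tS',
      '3.7.0bS',
      '3.7.1aS',
      '3.8.0S',
      '3.8.1S',
      '3.8.2S',
      '3.9.1S',
      '3.9.0S',
      '3.9.2S',
      '3.9.1aS',
      '3.9.0aS',
      '3.10.0S',
      '3.10.1S',
      '3.10.2S',
      '3.10.3S',
      '3.10.4S',
      '3.10.5S',
      '3.10.6S',
      '3.10.2aS',
      '3.10.2tS',
      '3.10.7S',
      '3.10.8S',
      '3.10.8aS',
      '3.10.9S',
      '3.10.10S',
      '3.11.1S',
      '3.11.2S',
      '3.11.0S',
      '3.11.3S',
      '3.11.4S',
      '3.12.0S',
      '3.12.1S',
      '3.12.2S',
      '3.12.3S',
      '3.12.0aS',
      '3.12.4S',
      '3.13.0S',
      '3.13.1S',
      '3.13.2S',
      '3.13.3S',
      '3.13.4S',
      '3.13.5S',
      '3.13.2aS',
      '3.13.0aS',
      '3.13.5aS',
      '3.13.6S',
      '3.13.7S',
      '3.13.6aS',
      '3.13.6bS',
      '3.13.7aS',
      '3.13.8S',
      '3.13.9S',
      '3.13.10S',
      '3.14.0S',
      '3.14.1S',
      '3.14.2S',
      '3.14.3S',
      '3.14.4S',
      '3.15.0S',
      '3.15.1S',
      '3.15.2S',
      '3.15.1cS',
      '3.15.3S',
      '3.15.4S',
      '3.16.0S',
      '3.16.1S',
      '3.16.0aS',
      '3.16.1aS',
      '3.16.2S',
      '3.16.2aS',
      '3.16.0bS',
      '3.16.0cS',
      '3.16.3S',
      '3.16.2bS',
      '3.16.3aS',
      '3.16.4S',
      '3.16.4aS',
      '3.16.4bS',
      '3.16.4gS',
      '3.16.5S',
      '3.16.4cS',
      '3.16.4dS',
      '3.16.4eS',
      '3.16.6S',
      '3.16.5aS',
      '3.16.5bS',
      '3.16.7S',
      '3.16.6bS',
      '3.16.7aS',
      '3.16.7bS',
      '3.16.8S',
      '3.16.9S',
      '3.17.0S',
      '3.17.1S',
      '3.17.2S',
      '3.17.1aS',
      '3.17.3S',
      '3.17.4S',
      '16.1.1',
      '16.1.2',
      '16.1.3',
      '3.2.0JA',
      '16.2.1',
      '16.2.2',
      '16.3.1',
      '16.3.2',
      '16.3.3',
      '16.3.1a',
      '16.3.4',
      '16.3.5',
      '16.3.5b',
      '16.3.6',
      '16.3.7',
      '16.4.1',
      '16.4.2',
      '16.4.3',
      '16.5.1',
      '16.5.1a',
      '16.5.1b',
      '16.5.2',
      '16.5.3',
      '3.18.0aS',
      '3.18.0S',
      '3.18.1S',
      '3.18.2S',
      '3.18.3S',
      '3.18.4S',
      '3.18.0SP',
      '3.18.1SP',
      '3.18.1aSP',
      '3.18.1gSP',
      '3.18.1bSP',
      '3.18.1cSP',
      '3.18.2SP',
      '3.18.1hSP',
      '3.18.2aSP',
      '3.18.1iSP',
      '3.18.3SP',
      '3.18.4SP',
      '3.18.3aSP',
      '3.18.3bSP',
      '3.18.5SP',
      '3.18.6SP',
      '16.6.1',
      '16.6.2',
      '16.6.3',
      '16.6.4',
      '16.6.5',
      '16.6.4s',
      '16.6.4a',
      '16.6.5a',
      '16.6.5b',
      '16.7.1',
      '16.7.1a',
      '16.7.1b',
      '16.7.2',
      '16.7.3',
      '16.7.4',
      '16.8.1',
      '16.8.1a',
      '16.8.1b',
      '16.8.1s',
      '16.8.1c',
      '16.8.1d',
      '16.8.2',
      '16.8.1e',
      '16.8.3',
      '16.9.1',
      '16.9.2',
      '16.9.1a',
      '16.9.1b',
      '16.9.1s',
      '16.9.1c',
      '16.9.1d',
      '16.9.2a',
      '16.9.2s',
      '16.10.1',
      '16.10.1a',
      '16.10.1b',
      '16.10.1s',
      '16.10.1c',
      '16.10.1e',
      '16.10.1d',
      '16.10.2',
      '16.10.1f',
      '16.10.1g'
    );
    
    # Configuration check: select the 'show_processes' entry from CISCO_WORKAROUNDS and
    # give it the pattern below.
    # NOTE(review): presumably this limits findings to devices whose process list shows
    # the SIP process, so a vulnerable release with SIP disabled is not flagged -
    # confirm against cisco_workarounds.inc.
    workarounds = make_list(CISCO_WORKAROUNDS['show_processes']);
    workaround_params = {'pat':'CCSIP_SPI_CONTRO'};
    
    # Report fields: port 0, SECURITY_HOLE severity, the detected version, the Cisco
    # bug ID, and the command associated with the configuration check.
    reporting = make_array(
      'port'     , 0,
      'severity' , SECURITY_HOLE,
      'version'  , product_info['version'],
      'bug_id'   , 'CSCvn00218',
      'cmds'     , make_list('show processes')
    );
    
    # Hand everything to the shared helper, which performs the comparison and reporting.
    cisco::check_and_report(
      product_info:product_info,
      workarounds:workarounds,
      workaround_params:workaround_params,
      reporting:reporting,
      vuln_versions:version_list
    );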