Vulnerabilities > CVE-2019-1718 - Unspecified vulnerability in Cisco Identity Services Engine 2.1(0.907)

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
nessus
NVD
Published: 2019-04-17
Updated: 2020-10-07

Summary

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. This vulnerability affects version 2.1.

Vulnerable Configurations

Part Description Count
Application
Cisco
1

Nessus

NASL familyCISCO
NASL idCISCO-SA-20190417-ISE-SSL-DOS.NASL
descriptionAccording to its self-reported version, Cisco Identity Services Engine Software is affected by a vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen2020-06-01
modified2020-06-02
plugin id126101
published2019-06-21
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/126101
titleCisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability
code
#TRUSTED 70329d8fbdb7c64d43208791fb3bf31a5d4a2b2e76153bb27db64276b2f5ada1e06734d6e3877cebc4c0ebb82182fd0a97d1a8fdda93bd4b04dc926af6ffa463b5a46041194a3df14df79e0eb8def5ff75d212c0b499b7678b14416a9d7d8159b51c74fa68f31ccd090220a1881fe21a607b859f044be8b2134809439d031dfc76ac7eeae89ee0d054edaccbce82f259b115c0df46a4dd1a75bd075ecc5aaaf58ba47432dd1ebec69a10f875e92a33ef8c2fc8b88454e20d62002a099daed1d94170cd6a9e7f7be6c7cb91ca9844d0b26ff80e6d88e1ed1d792d2bac6e1c14c5f5b3d5cac03fd683abfaf2fe13f4b681b5ad944719bae176b341ce112294a1b17b427eadccff09c24cca31185429a0caeebf2b46e940b1ac0391769aaadd1f3f55c55c8ecb3d491a26a906ea28e4bfdb0d473e600e279e4cc8940f938b2faf45896f4a968ec0d7f604f39a9b3b278c12972aeec8a4d0c5177a816678bf9b2cd2aa8d91ee4bd29dd8dd42501a8e17af7288742bd2308966d57b4a4ba06a0cb3ae9916a3692b09d29fdaca1b345f2a8b073634eb2e5fdb49f52ecff95940cfbfbc2ac11bb53b8d178148b4bec2af44568c45d290f2623d22a3bca9dac0df90746704041f2cdc07c8fd50fa3de6e0667a12ec67d1743bd24ae325ef9ee39bce2ce9546256bc48449e1424812f209b449c2af84cf4d8f8d25e778aa81d6f3934d03a
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(126101);
  script_version("1.6");
  script_cvs_date("Date: 2020/02/14");

  script_cve_id("CVE-2019-1718");
  script_bugtraq_id(108030);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvo10487");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190417-ise-ssl-dos");

  script_name(english:"Cisco Identity Services Engine SSL Renegotiation Denial of Service Vulnerability");
  script_summary(english:"Checks the version of Cisco Identity Services Engine Software");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine Software is affected by a vulnerability in the
web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high
CPU usage, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of Secure
Sockets Layer (SSL) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation
requests at a high rate. An successful exploit could increase the resource usage on the system, eventually leading to a
DoS condition.

Please see the included Cisco BIDs and Cisco Security Advisory for more information");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ise-ssl-dos
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a2b53142");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo10487");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvo10487");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1718");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/21");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:identity_services_engine");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version", "Settings/ParanoidReport");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

vuln_ranges = [
  { 'min_ver' : '2.1.0', fix_ver : '2.2.0.470' }
];

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

# ISE version doesn't change when patches are installed, so even if 
# they are on the proper version we have to double check patch level
required_patch = '';
if (product_info['version'] =~ "^2\.2\.0($|[^0-9])") required_patch = '14';

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvo10487',
  'fix'      , '2.2.0.470 Patch 14'
);

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_ranges:vuln_ranges, required_patch:required_patch);

References