Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is (C) 2010-2018 Tenable Network Security, Inc.CISCO-SA-20010510-IOS-BGP-ATTR.NASL
HistorySep 01, 2010 - 12:00 a.m.

Cisco IOS BGP Attribute Corruption Vulnerability - Cisco Systems

2010-09-0100:00:00
This script is (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
15

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.018

Percentile

88.0%

JSON

A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. An unrecognized transitive attribute can cause failures in Cisco IOS routers, ranging from a crash upon receipt of the unrecognized transitive attribute, to a later failure upon attempt to clear the unrecognized transitive attribute. Specific but common configurations are affected, and described below. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround. Affected customers are urged to upgrade to fixed code. This vulnerability has been assigned Cisco bug ID CSCdt79947.

#
# (C) Tenable Network Security, Inc.
#
# Security advisory is (C) CISCO, Inc.
# See https://www.cisco.com/en/US/products/products_security_advisory09186a0080094a58.shtml

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
 script_id(48954);
 script_version("1.10");
 script_cve_id("CVE-2001-0650");
 script_bugtraq_id(2733);
 script_xref(name:"CERT", value:"106392");
 script_xref(name:"CISCO-BUG-ID", value:"CSCdt79947");
 script_xref(name:"CISCO-SA", value:"cisco-sa-20010510-ios-bgp-attr");

 script_name(english:"Cisco IOS BGP Attribute Corruption Vulnerability - Cisco Systems");
 script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
'A Border Gateway Protocol (BGP) UPDATE contains Network Layer
Reachability Information (NLRI) and attributes that describe the path
to the destination. An unrecognized transitive attribute can cause
failures in Cisco IOS routers, ranging from a crash upon receipt of the
unrecognized transitive attribute, to a later failure upon attempt to
clear the unrecognized transitive attribute. Specific but common
configurations are affected, and described below. The failure was
discovered because of a malfunction in the BGP implementation of
another vendor. There is no workaround. Affected customers are urged to
upgrade to fixed code. 
This vulnerability has been assigned Cisco bug ID CSCdt79947. 
');
 # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010510-ios-bgp-attr
 script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?87f00c5c");
 # https://www.cisco.com/en/US/products/products_security_advisory09186a0080094a58.shtml
 script_set_attribute(attribute:"see_also", value: "http://www.nessus.org/u?bb47db9e");
 script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory 
cisco-sa-20010510-ios-bgp-attr.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_type", value: "local");
 script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/05/10");
 script_set_attribute(attribute:"patch_publication_date", value: "2001/05/10");
 script_set_attribute(attribute:"plugin_publication_date", value: "2010/09/01");
 script_cvs_date("Date: 2018/11/15 20:50:20");

 script_end_attributes();
 script_summary(english:"Uses SNMP to determine if a flaw is present");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is (C) 2010-2018 Tenable Network Security, Inc.");
 script_family(english:"CISCO");
 script_dependencie("cisco_ios_version.nasl");
 script_require_keys("Host/Cisco/IOS/Version");
 exit(0);
}
include("cisco_func.inc");

#

version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

# Affected: 11.1CA
if (deprecated_version(version, "11.1CA")) {
 security_warning(port:0, extra: '\nNo updates are scheduled for 11.1CA. Upgrade to a supported version\n'); exit(0);
}
# Affected: 11.1CC
if (check_release(version: version,
                  patched: make_list("11.1(36)CC2") )) {
 security_warning(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0);
}
# Affected: 11.1CT
if (deprecated_version(version, "11.1CT")) {
 security_warning(port:0, extra: '\nUpgrade to 12.0ST\n'); exit(0);
}
# Affected: 11.2
if (deprecated_version(version, "11.2")) {
 security_warning(port:0, extra: '\nNo updates are scheduled for 11.2. Upgrade to a supported version\n'); exit(0);
}
# Affected: 11.2BC
if (deprecated_version(version, "11.2BC")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1(8) or later\n'); exit(0);
}
# Affected: 11.2F
if (deprecated_version(version, "11.2F")) {
 security_warning(port:0, extra: '\nNo updates are scheduled for 11.2F. Upgrade to a supported version\n'); exit(0);
}
# Affected: 11.2GS
if (deprecated_version(version, "11.2GS")) {
 security_warning(port:0, extra: '\nUpgrade to 12.0(17)S or later\n'); exit(0);
}
# Affected: 11.2P
if (deprecated_version(version, "11.2P")) {
 security_warning(port:0, extra: '\nUpgrade to 12.0(17) or later\n'); exit(0);
}
# Affected: 11.2(4)XA
if (version == '11.2(4)XA') {
 security_warning(port:0, extra: '\nNo updates are scheduled for 11.2(4)XA. Upgrade to a supported version\n'); exit(0);
}
# Affected: 11.2(9)XA
if (version == '11.2(9)XA') {
 security_warning(port:0, extra: '\nNo updates are scheduled for 11.2(9)XA. Upgrade to a supported version\n'); exit(0);
}
# Affected: 11.3
if (deprecated_version(version, "11.3")) {
 security_warning(port:0, extra: '\nUpgrade to 12.0(17) or later\n'); exit(0);
}
# Affected: 11.3AA
if (deprecated_version(version, "11.3AA")) {
 security_warning(port:0, extra: '\nUpgrade to 12.0(17) or later\n'); exit(0);
}
# Affected: 11.3DA
if (deprecated_version(version, "11.3DA")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1DA\n'); exit(0);
}
# Affected: 11.3DB
if (deprecated_version(version, "11.3DB")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1DB\n'); exit(0);
}
# Affected: 11.3HA
if (deprecated_version(version, "11.3HA")) {
 security_warning(port:0, extra: '\nUpgrade to 12.0(17) or later\n'); exit(0);
}
# Affected: 11.3MA
if (deprecated_version(version, "11.3MA")) {
 security_warning(port:0, extra: '\nNo updates are scheduled for 11.3MA. Upgrade to a supported version\n'); exit(0);
}
# Affected: 11.3NA
if (deprecated_version(version, "11.3NA")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 11.3T
if (deprecated_version(version, "11.3T")) {
 security_warning(port:0, extra: '\nUpgrade to 12.0(17) or later\n'); exit(0);
}
# Affected: 11.3WA4
#if (deprecated_version(version, "11.3WA4")) {
# security_warning(port:0, extra: '\nNo updates are scheduled for 11.3WA4. Upgrade to a supported version\n'); exit(0);
#}
# Affected: 11.3(2)XA
if (version == '11.3(2)XA') {
 security_warning(port:0, extra: '\nNo updates are scheduled for 11.3(2)XA. Upgrade to a supported version\n'); exit(0);
}
# Affected: 12.0
if (check_release(version: version,
                  patched: make_list("12.0(17)") )) {
 security_warning(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0);
}
# Affected: 12.0DA
if (deprecated_version(version, "12.0DA")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1DA\n'); exit(0);
}
# Affected: 12.0DB
if (deprecated_version(version, "12.0DB")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1DB\n'); exit(0);
}
# Affected: 12.0DC
if (deprecated_version(version, "12.0DC")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1DC\n'); exit(0);
}
# Affected: 12.0S
if (check_release(version: version,
                  patched: make_list("12.0(15)S3", "12.0(16)S1"))) {
 security_warning(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0);
}
# Affected: 12.0T
if (check_release(version: version,
                  patched: make_list("12.0(5)T") )) {
 security_warning(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0);
}
# Affected: 12.0W5
if (
  version =~ 'W5' &&  # avoid flagging things like W4 (if such a thing exists)
  check_release(version: version, patched: make_list("12.0(10)W5(18g)", "12.0(16)W5(21)") )) {
 security_warning(port:0, extra: '\nUpdate to ' + patch_update + ' or later\n'); exit(0);
}
# Affected: 12.0XA
if (deprecated_version(version, "12.0XA")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XB
if (deprecated_version(version, "12.0XB")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XC
if (deprecated_version(version, "12.0XC")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XD
if (deprecated_version(version, "12.0XD")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XF
if (deprecated_version(version, "12.0XF")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XG
if (deprecated_version(version, "12.0XG")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XH
if (deprecated_version(version, "12.0XH")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XI
if (deprecated_version(version, "12.0XI")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}
# Affected: 12.0XJ
if (deprecated_version(version, "12.0XJ")) {
 security_warning(port:0, extra: '\nUpgrade to 12.1\n'); exit(0);
}

exit(0, "The remote host is not affected");

Related

cert 1
nvd 1
cve 1
cvelist 1
cert
cert
Cisco IOS vulnerable to DoS via unrecognized transitive attribute in BGP UPDATE
2001-05-10 00:00:00
nvd
nvd
CVE-2001-0650
2001-09-20 04:00:00
cve
cve
CVE-2001-0650
2002-03-09 05:00:00
cvelist
cvelist
CVE-2001-0650
2002-03-09 05:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.018

Percentile

88.0%

JSON
Related for CISCO-SA-20010510-IOS-BGP-ATTR.NASL
cert1nvd1cve1cvelist1