Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.CISCO-SA-20110928-IPSLAHTTP.NASL
HistorySep 29, 2011 - 12:00 a.m.

Cisco IOS Software IP Service Level Agreement Vulnerability (cisco-sa-20110928-ipsla)

2011-09-2900:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
10
JSON

The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration.
Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability.

#TRUSTED 497562ac0d50ff624e1adedbc7335e710cab47f99a70b758888f5b59832f39818bef23d4ef6e5ea402f9472d0b7be25536084de985924071d69aed95ab0b4daaa4da558bb32530a5a2507c0af8c2888f12a6329c35c3ef619780b3a5c1305d6d698d0f22ddcfdd40ffb256125119656c824d438e58599b14247d8514f8dcf9bbc79d33a809fe7bdc7775371df970356d50718b7743efe82a738192b8bb90eed26c83faae4959f553faa82b04ffe99ea2b323e25f31fb2509f75fd076ebc2f1a986c2befdb416cb4a3a0be0bcef5e8fc78ea1747db733178ebe70f2b92f10a6e22bfc549ed6937f3b32740860366110f8876beb2a5a97cfcf856f37d5c973d8d00c28ba4fe8fb99b7781f60a376f1e8cccb8db798df1a37e02e27391204b6db16638c15268840d492edaaae869e8a5e56e718843b1974c55327ae23ec903f7ff799179656832718310a09cd1564e850fa46f64860d83e4715cd2af5ed807186180c536410d89fbd125275890562994d4596c6383480f168166b3536561eddfcd503b0339d91251719199b8166fb10bc6e3e0bb2e1a0cc5195cb2f49680fc8cca612d54a3d926836afa9723bd321bcb414ac72e935a3ef2004d46b2649ec35ed30b06bfe7dad7aa0392de5d388c811dc3407329663de7a43481210d1991c2a0f39f07b914c94724fa2e3d4225777fba76fdcb5b300913a92590106cef29e4fb62e
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Cisco Security Advisory cisco-sa-20110928-ipsla.
# The text itself is copyright (C) Cisco
#

include("compat.inc");

if (description)
{
  script_id(56315);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  script_cve_id("CVE-2011-3272");
  script_bugtraq_id(49823);
  script_xref(name:"CISCO-BUG-ID", value:"CSCtk67073");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20110928-ipsla");

  script_name(english:"Cisco IOS Software IP Service Level Agreement Vulnerability (cisco-sa-20110928-ipsla)");
  script_summary(english:"Checks the IOS version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a
denial of service (DoS) vulnerability. The vulnerability is triggered
when malformed UDP packets are sent to a vulnerable device. The
vulnerable UDP port numbers depend on the device configuration.
Default ports are not used for the vulnerable UDP IP SLA operation or
for the UDP responder ports. Cisco has released free software updates
that address this vulnerability."
  );
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-ipsla
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?94afcda9"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20110928-ipsla."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/29");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}



include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

flag = 0;
override = 0;

version = get_kb_item_or_exit("Host/Cisco/IOS/Version");
if ( version == '15.1(1)S' ) flag++;
if ( version == '15.1(1)S1' ) flag++;
if ( version == '15.1(1)S2' ) flag++;
if ( version == '15.1(1)SA1' ) flag++;
if ( version == '15.1(1)SA2' ) flag++;
if ( version == '15.1(1)T' ) flag++;
if ( version == '15.1(1)T1' ) flag++;
if ( version == '15.1(1)T2' ) flag++;
if ( version == '15.1(1)XB' ) flag++;
if ( version == '15.1(1)XB1' ) flag++;
if ( version == '15.1(1)XB2' ) flag++;
if ( version == '15.1(1)XB3' ) flag++;
if ( version == '15.1(2)GC' ) flag++;
if ( version == '15.1(2)GC1' ) flag++;
if ( version == '15.1(2)T' ) flag++;
if ( version == '15.1(2)T0a' ) flag++;
if ( version == '15.1(2)T1' ) flag++;
if ( version == '15.1(2)T2' ) flag++;
if ( version == '15.1(2)T2a' ) flag++;
if ( version == '15.1(2)T3' ) flag++;
if ( version == '15.1(3)T' ) flag++;
if ( version == '15.1(3)T1' ) flag++;
if (get_kb_item("Host/local_checks_enabled"))
{
  if (flag)
  {
    flag = 0;
    buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_sla_responder", "show ip sla responder");
    if (check_cisco_result(buf))
    {
      if (preg(pattern:"Enable", multiline:TRUE, string:buf)) { flag = 1; }
    } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
  }

  if (flag)
  {
    flag = 0;
    buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_sla_configuration", "show ip sla configuration");
    if (check_cisco_result(buf))
    {
      if (preg(pattern:"operation[^\r\n]*udp-echo", multiline:TRUE, string:buf)) { flag = 1; }
      if (preg(pattern:"operation[^\r\n]*udp-jitter", multiline:TRUE, string:buf)) { flag = 1; }
    } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
  }
}



if (flag)
{
  security_hole(port:0, extra:cisco_caveat(override));
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
ciscoioscpe:/o:cisco:ios

Related

prion 1
cve 1
securityvulns 2
cisco 1
prion
prion
Memory corruption
2011-10-03 23:55:00
cve
cve
CVE-2011-3272
2011-10-03 23:55:00
securityvulns
securityvulns
Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability
2011-10-02 00:00:00
Cisco IOS multiple security vulnerabilities
2011-10-02 00:00:00
cisco
cisco
Cisco IOS Software IP Service Level Agreement Vulnerability
2011-09-28 16:00:00
JSON
Related for CISCO-SA-20110928-IPSLAHTTP.NASL
prion1cve1securityvulns2cisco1