Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.CISCO-SA-20111005-ASA.NASL
HistoryOct 25, 2011 - 12:00 a.m.

Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20111005-asa)

2011-10-2500:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
14
JSON

The remote Cisco ASA is missing a security patch and may be affected by the following issues :

  • When MSN IM inspection is enabled, inspecting malformed transit traffic could cause the device to reload.
    (CVE-2011-3304)

  • TACACS+ authentication can be bypassed by an attacker with access between the ASA and the TACACS+ server.
    (CVE-2011-3298)

  • Four DoS vulnerabilities in the SunRPC inspection engine can be triggered by specially crafted UDP traffic, causing the device to reload.
    (CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302)

  • When ILS inspection is enabled, inspecting malformed transit traffic could cause the device to reload, resulting in a sustained DoS condition. (CVE-2011-3303)

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(56631);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:20");

  script_cve_id(
    "CVE-2011-3298",
    "CVE-2011-3299",
    "CVE-2011-3300",
    "CVE-2011-3301",
    "CVE-2011-3302",
    "CVE-2011-3303",
    "CVE-2011-3304"
  );
  script_bugtraq_id(49951, 49952, 49956);
  script_xref(name:"CISCO-BUG-ID", value:"CSCtl67486");
  script_xref(name:"CISCO-BUG-ID", value:"CSCto40365");
  script_xref(name:"CISCO-BUG-ID", value:"CSCto92380");
  script_xref(name:"CISCO-BUG-ID", value:"CSCto92398");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtq06062");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtq06065");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtq57697");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20111005-asa");

  script_name(english:"Cisco ASA 5500 Series Multiple Vulnerabilities (cisco-sa-20111005-asa)");
  script_summary(english:"Checks the version of the remote ASA.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote security device is missing a vendor-supplied security
patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote Cisco ASA is missing a security patch and may be affected
by the following issues :

  - When MSN IM inspection is enabled, inspecting malformed
    transit traffic could cause the device to reload.
    (CVE-2011-3304)

  - TACACS+ authentication can be bypassed by an attacker
    with access between the ASA and the TACACS+ server.
    (CVE-2011-3298)

  - Four DoS vulnerabilities in the SunRPC inspection
    engine can be triggered by specially crafted
    UDP traffic, causing the device to reload.
   (CVE-2011-3299, CVE-2011-3300, CVE-2011-3301, CVE-2011-3302)

  - When ILS inspection is enabled, inspecting malformed
    transit traffic could cause the device to reload,
    resulting in a sustained DoS condition. (CVE-2011-3303)"
  );
  script_set_attribute(attribute:"see_also",value:"http://www.nessus.org/u?4d707431");
  script_set_attribute(
    attribute:"solution",
    value:"Apply the appropriate Cisco ASA patch (see plugin output)."
  );
 script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/25");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:asa_5500");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:adaptive_security_appliance_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
 
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Cisco/ASA", "Host/Cisco/ASA/model");
  exit(0);
}

include("cisco_func.inc");
include("audit.inc");

asa = get_kb_item_or_exit('Host/Cisco/ASA');
model = get_kb_item_or_exit('Host/Cisco/ASA/model');
ver = extract_asa_version(asa);
if (isnull(ver)) audit(AUDIT_FN_FAIL, 'extract_asa_version');

if (model !~ '^55[0-9][0-9]')
  audit(AUDIT_HOST_NOT, 'ASA 5500');

# first check 7.1 (the recommendation is to migrate to 7.2 and upgrade)
if (ver =~ '^7\\.1($|[^0-9])')
{
  report =
    '\n  Installed release : ' + ver +
    '\n  Fixed release     : 7.2(5.4)\n';
  security_hole(port:0, extra:report);
  exit(0);
}

# then check 8.1 (the recommendation is to migrate to 8.2 or later and upgrade)
if (ver =~ '^8\\.1($|[^0-9])')
{
  report =
    '\n  Installed release : ' + ver +
    '\n  Fixed release     : migrate to 8.2 or later and apply patches\n';
  security_hole(port:0, extra:report);
  exit(0);
}

# compare the ASA version versus all recommended releases.  The
# comparison is only made if the major versions match up
recommended_releases = make_list('7.0(8.13)', '7.2(5.4)', '8.0(5.25)', '8.2(5.11)', '8.3(2.23)', '8.4(2.7)', '8.5(1.1)');
foreach patch (recommended_releases)
{
  if (check_asa_release(version:ver, patched:patch))
  {
    report =
      '\n  Installed release : ' + ver +
      '\n  Fixed release     : ' + patch + '\n';
    security_hole(port:0, extra:report);
    exit(0);
  }
}

audit(AUDIT_INST_VER_NOT_VULN, 'ASA', ver);
VendorProductVersionCPE
ciscoasa_5500cpe:/h:cisco:asa_5500
ciscoadaptive_security_appliance_softwarecpe:/a:cisco:adaptive_security_appliance_software

Related

cisco 2
securityvulns 3
cve 7
prion 7
cvelist 7
cisco
cisco
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
2011-10-05 16:00:00
Multiple Vulnerabilities in Cisco Firewall Services Module
2011-10-05 16:00:00
securityvulns
securityvulns
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
2011-10-10 00:00:00
Cisco ASA / Cisco FSM multiple security vulnerabilities
2011-10-10 00:00:00
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
2011-10-10 00:00:00
cve
cve
CVE-2011-3300
2011-10-06 10:55:00
CVE-2011-3298
2011-10-06 10:55:00
CVE-2011-3299
2011-10-06 10:55:00
prion
prion
Design/Logic Flaw
2011-10-06 10:55:00
Authentication flaw
2011-10-06 10:55:00
Design/Logic Flaw
2011-10-06 10:55:00
cvelist
cvelist
CVE-2011-3300
2011-10-06 10:00:00
CVE-2011-3299
2011-10-06 10:00:00
CVE-2011-3298
2011-10-06 10:00:00
JSON
Related for CISCO-SA-20111005-ASA.NASL
cisco2securityvulns3cve7prion7cvelist7