Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.CISCO-SA-20140219-IPS.NASL
HistoryFeb 26, 2014 - 12:00 a.m.

Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)

2014-02-2600:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
10

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

53.9%

JSON

According to its self-reported version, the version of the Cisco Intrusion Prevention System software running on the remote is affected by the following denial of service vulnerabilities :

  • The Analysis Engine can become unresponsive due to improper handling of fragmented packets processed through the device. The device is only affected when the β€˜produce-verbose-alert’ action is enabled.
    (CVE-2014-0718)

  • The MainApp can become unresponsive due to improper handling of malformed TCP packets sent to the management interface. Other critical tasks such as alert notification, event store management, sensor authentication, and the Analysis Engine can become unresponsive as well. (CVE-2014-0719)

  • The Analysis Engine can become unresponsive due to improper handling of jumbo frames sent at a high rate.
    (CVE-2014-0720)

An unauthenticated, remote attacker can exploit these issues to cause a denial of service.

#TRUSTED a3c9cb58fe32952fe5f165fe9192a42e8017557659559b0d77dd7c35bc46e15cd3c362ca6cb6fea0518ddb247a956c9fa25585755a1360eee3dd06bf6782fb9c8e50b7f351fb8ca0a85ef7b336ef37e7fd1ebd2d32ad7d5f10c4a93b16fa3c302b1719bc1acbb8bb1c229856c23cccc39545c230897df8ec376ce47ed3f0075310800b1d36fda4f7b0a8ba88dfbca54e9cc1eede525ebf3e83da29e3616368f6ab076630f979d770cc5014d119d17f86fa151ccf9348c96f41219c6f9a9436ab223b5379b98418c71dbf3dd06aec5f077d54ab85954a00c0ea495343b304eec184072148833993de17565d4e8a97eba30d28bce602b52e71543ee2508f1863898a1fa447d5eabc5aba275005038fcf031d7ea418d5a641515c5f74dee10eb7272f1264abef8241663587dbe3b9c59aa5bbdc988b0882d4a4248bf228753505b5e40bb96647a94fe4ced6aede1b960024f93aa6980619f6cab2ec76ba6958a3b689135d777e575ba2dd0de53c26953ac0c5b8a802ebcc98e977c8706becd2c635451fbeb83275a791f8509ff37519097df00baf4b280edc5a34fae238a72974e6415d364e736f8b456c3020a42cef790bad83c18d9d0a71e09d6f16a21d440baaaee33fa0fefb10ef8f81343cebc34e056eb5b67f403ea46b7b9d51b6ac6067d8d3a54eb65469b63601e59df90e03993e229e39e500dd99d368f9078d915dcff0
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72705);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  script_cve_id("CVE-2014-0718", "CVE-2014-0719", "CVE-2014-0720");
  script_bugtraq_id(65665, 65667, 65669);
  script_xref(name:"CISCO-BUG-ID", value:"CSCui67394");
  script_xref(name:"IAVA", value:"2014-A-0032");
  script_xref(name:"CISCO-BUG-ID", value:"CSCui91266");
  script_xref(name:"CISCO-BUG-ID", value:"CSCuh94944");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20140219-ips");

  script_name(english:"Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)");
  script_summary(english:"Checks the IPS version.");

  script_set_attribute(attribute:"synopsis", value:"The remote security appliance is missing a vendor-supplied patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the version of the Cisco
Intrusion Prevention System software running on the remote is affected
by the following denial of service vulnerabilities :

  - The Analysis Engine can become unresponsive due to
    improper handling of fragmented packets processed
    through the device. The device is only affected when
    the 'produce-verbose-alert' action is enabled.
    (CVE-2014-0718)

  - The MainApp can become unresponsive due to improper
    handling of malformed TCP packets sent to the
    management interface. Other critical tasks such as
    alert notification, event store management, sensor
    authentication, and the Analysis Engine can become
    unresponsive as well. (CVE-2014-0719)

  - The Analysis Engine can become unresponsive due to
    improper handling of jumbo frames sent at a high rate.
    (CVE-2014-0720)

An unauthenticated, remote attacker can exploit these issues to cause
a denial of service."
  );
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a789b5da");
  script_set_attribute(
    attribute:"solution",
    value:
"Apply the relevant update referenced in Cisco Security Advisory
cisco-sa-20140219-ips."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:intrusion_prevention_system");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("cisco_ips_version.nasl");
  script_require_keys("Host/Cisco/IPS/Version", "Host/Cisco/IPS/Model");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

ver = get_kb_item_or_exit('Host/Cisco/IPS/Version');
model = get_kb_item_or_exit('Host/Cisco/IPS/Model');
model_ver = eregmatch(pattern:"[^0-9]([0-9]{4,})[^0-9]", string:model);
model_ver = model_ver[1];

flag = 0;
report = '\n  Model: ' + model + '\n';
fixed_ver = "";

# #################################################
# CSCui91266
# #################################################
cbi = "CSCui91266";
temp_flag = 0;

if (
  model_ver =~ "^42\d\d$" || model_ver =~ "^43\d\d$" ||
  model_ver =~ "^45\d\d$" || model =~ "ASA.*SS(M|P)"
)
{
  if (ver =~ "^7\.1\([4-7](p\d)?\)E4")
  {
    temp_flag++;
    fixed_ver = "7.1(8)E4";

    # Check if the 'produce-verbose-alert' option is enabled
    if (get_kb_item("Host/local_checks_enabled"))
    {
      temp_flag = 0;
      buf = cisco_command_kb_item("Host/Cisco/Config/show_configuration", "show configuration");
      if (check_cisco_result(buf))
        if (preg(multiline:TRUE, pattern:"produce-verbose-alert", string:buf)) temp_flag++;
    }
  }
}

if (temp_flag)
{
  report +=
    '\n  Cisco bug ID      : ' + cbi +
    '\n  Installed release : ' + ver +
    '\n  Fixed release     : ' + fixed_ver + '\n';
  flag++;
}

# #################################################
# CSCui67394
# #################################################
cbi = "CSCui67394";
temp_flag = 0;

if (model =~ "ASA.*SS(M|P)")
{
  if (
    ver =~ "^6\." ||
    ver =~ "^7\.0\(" ||
    ver =~ "^7\.1\([1-7](p\d)?\)E4" ||
    ver =~ "^7\.1\(8(p1)?\)E4")
  {
    temp_flag++;
    fixed_ver = "7.1(8p2)E4";
  }

  else if (ver =~ "^7\.2\(1(p[12])?\)E4")
  {
    temp_flag++;
    fixed_ver = "7.2(2)E4";
  }
}
# Cisco ASA 5505 Advanced Inspection and Prevention Security Services Card (AIP SSC)
else if (model =~ "ASA.*SSC")
{
  fixed_ver = "Refer to the Cisco advisory for more information.";
  temp_flag++;
}


if (temp_flag)
{
  report +=
    '\n  Cisco bug ID      : ' + cbi +
    '\n  Installed release : ' + ver +
    '\n  Fixed release     : ' + fixed_ver + '\n';
  flag++;
}

# #################################################
# CSCuh94944
# #################################################
cbi = "CSCuh94944";
temp_flag = 0;

if (model_ver =~ "^45\d\d$")
{
  if (ver =~ "^7\.1\([1-7](p\d)?\)E4")
  {
    temp_flag++;
    fixed_ver = "7.1(8)E4";
  }
}

if (temp_flag)
{
  report +=
    '\n  Cisco bug ID      : ' + cbi +
    '\n  Installed release : ' + ver +
    '\n  Fixed release     : ' + fixed_ver + '\n';
  flag++;
}

# Reporting
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:report);
  else security_hole(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'Cisco IPS', ver + ' on model ' + model);

Related

cisco 1
securityvulns 1
cvelist 3
cve 3
nvd 3
prion 3
seebug 3
cisco
cisco
Multiple Vulnerabilities in Cisco IPS Software
2014-02-19 16:00:00
securityvulns
securityvulns
Cisco Intrusion Prevention System multiple security vulnerabilities
2014-03-20 00:00:00
cvelist
cvelist
CVE-2014-0720
2014-02-22 21:00:00
CVE-2014-0719
2014-02-22 21:00:00
CVE-2014-0718
2014-02-22 21:00:00
cve
cve
CVE-2014-0719
2014-02-22 21:55:09
CVE-2014-0720
2014-02-22 21:55:09
CVE-2014-0718
2014-02-22 21:55:09
nvd
nvd
CVE-2014-0719
2014-02-22 21:55:09
CVE-2014-0720
2014-02-22 21:55:09
CVE-2014-0718
2014-02-22 21:55:09
prion
prion
Hardcoded credentials
2014-02-22 21:55:00
Design/Logic Flaw
2014-02-22 21:55:00
Code injection
2014-02-22 21:55:00
seebug
seebug
Cisco IPS Softwareζ‹’η»ζœεŠ‘ζΌζ΄ž(CVE-2014-0720)
2014-02-21 00:00:00
Cisco IPS Software Control-Plane MainAppζ‹’η»ζœεŠ‘ζΌζ΄ž
2014-02-21 00:00:00
Cisco IPS Softwareεˆ†ζžεΌ•ζ“Žζ‹’η»ζœεŠ‘ζΌζ΄ž
2014-02-21 00:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

53.9%

JSON
Related for CISCO-SA-20140219-IPS.NASL
cisco1securityvulns1cvelist3cve3nvd3prion3seebug3