Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-20160323-NCS.NASL
HistoryApr 06, 2016 - 12:00 a.m.

Cisco IOS XR SCP and SFTP Modules DoS (cisco-sa-20160323-ncs)

2016-04-0600:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
68

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.1%

JSON

According to its self-reported version, the Cisco IOS XR software running on the remote device is affected by a denial of service vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP) modules due to insecure permissions on certain files. An authenticated, remote attacker can exploit this to overwrite system files, resulting in a denial of service.

#TRUSTED 9088c04de80ec920323c1dc525a48d5f89251ddfb4103cae4d2a3eacd4ed487d0cff96ce47fc47bd3f93662522b4d956d7b4e213c527ebb00669b44eaf0913e02cc3bda0468e8f34f390fce64ada2049f6420efc875ab70b2a9628e072dbf814d3bae8b12acff1fb2a35065280558be532a0e2d405fa264b743729b6b03bfc0fb8e3b14d117e608a39c0aab43b0ddb6c85db802292eed5b915913663b5f68d38ae133a616d971b3f8b1418da68e19a06593ea75dcb325735fd54ef005f674bac39f3dd960584a42ebc9826861391be051ebc08e6d9e2f02c7725f47ccdd4923afb3e47fc1d80ac3c61fa45bb7cc6c1e3a562f6b4e5d749cdec9c8122ca5f67a3cc288c5bb941c70380c8e0a96a71efb690044928ff90f59a6f0491524dc4a5cb601bc1a868e6a58ad239afd826f5e2db82239fdd0860adfb3e11436b3646e9a6bbf1309f02f2cb4b14d6a4931a7fdb68f84ef0d267b64db40fcf580926317101a26cc543fc43e12bc1fd289ff4b40b455c6dc43ae9ebcacac5399c461050d868b0d96ab00e701e2e2556161799b4836d597af860088f46be06e28c4b4a61782d735726dc5609adf0e16ac9d79b218bdbe1698a185aee77338c3355fcc8240e2df68de25507a142c65c184519c78b06a7aa669b2e94a7c07e986623aac68b294612d11d4bb8d489033eb806b0312e2a8263a17b50b346d5e80bb2480084dbec74
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(90357);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/08");

  script_cve_id("CVE-2016-1366");
  script_xref(name:"CISCO-BUG-ID", value:"CSCuw75848");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20160323-ncs");

  script_name(english:"Cisco IOS XR SCP and SFTP Modules DoS (cisco-sa-20160323-ncs)");
  script_summary(english:"Checks the IOS XR version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco IOS XR software
running on the remote device is affected by a denial of service
vulnerability in the Secure Copy Protocol (SCP) and Secure FTP (SFTP)
modules due to insecure permissions on certain files. An
authenticated, remote attacker can exploit this to overwrite system
files, resulting in a denial of service.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3fc8f969");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCuw75848.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1366");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/06");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

flag = 0;
override = 0;

cbi = "CSCuw75848";

version = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");

port = get_kb_item("Host/Cisco/IOS-XR/Port");
if(empty_or_null(port))
  port = 0;

# Since we cannot properly check the model, only run when paranoid
if (report_paranoia < 2) audit(AUDIT_PARANOID);

if( version =~ "^5\.0\.[01]([^0-9]|$)" ) flag = 1;
if( version =~ "^5\.2\.[1345]([^0-9]|$)" ) flag = 1;

if (flag)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Cisco bug ID      : ' + cbi +
      '\n  Installed release : ' + version +
      '\n';

    security_warning(port:port, extra:report + cisco_caveat(override));
  }
  else security_warning(port:port, extra:cisco_caveat(override));
}
else audit(AUDIT_HOST_NOT, "affected");

Related

nvd 1
openvas 1
cve 1
prion 1
cvelist 1
cisco 1
nvd
nvd
CVE-2016-1366
2016-03-24 22:59:00
openvas
openvas
Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability (cisco-sa-20160323-ncs)
2016-05-04 00:00:00
cve
cve
CVE-2016-1366
2016-03-24 22:59:00
prion
prion
Code injection
2016-03-24 22:59:00
cvelist
cvelist
CVE-2016-1366
2016-03-24 22:00:00
cisco
cisco
Cisco IOS XR Software SCP and SFTP Modules Denial of Service Vulnerability
2016-03-23 21:31:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.1%

JSON
Related for CISCO-SA-20160323-NCS.NASL
nvd1openvas1cve1prion1cvelist1cisco1