CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
42.0%
According to its self-reported version, the Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature due to incomplete input validation of certain crafted packets. An unauthenticated, adjacent attacker can exploit this issue, via specially crafted autonomic network channel discovery packets, to cause the device to reload.
Note that this issue only affect devices with ANI enabled that are configured as an autonomic registrar and that have a whitelist configured.
#TRUSTED 40cf98c48d6878591b42938f605f502201196e613cc6edb2b8b6ce42939e833c459f4cb9d070437586d232f77e9e9ec0c2e2d76ca0337ec0ee6a1b50c2bfced61859375c6d9fa4135e5b5b5335bd5365dd466e16215dc2871ac1769783c4161eb6915c3615e8b1fd71af326bd6d522d5a5dd94fd9abb15386a0b6bc86f6aef95440aa761744a086861654cf6a45e23977fd2f4ec04793211c6ed36fcad90b555f72e02cf3e75fbb8542f5e1c526330eaf38c692a20b8eafecc7047aebd3a7e89b7a85eba3545e687bb8259352c3f4abb480b4316bbbb8db5443ff10472915dc301d30e7d1dd03ccbcd961a775a7aefa98ff9c24e960af6b672964128489bab96fc0bec852a162f016f130151c0588a0bf11676434678cb555d5fb9461e42573e5873d0097ad50f089a55481332aba71d83534f32a331553bd2ef296402082834b4054d63a116a7b35e83bd2ef337c9e7b53b2135f2765baf883262e0907ca678790383b72fc4ee76f9103ddc1443bb61e503f8ac7b7b0676ff786daebffd04b662b212ad32890738a81617db6ca41dc0230c9d56e22a1c460c9d52a241db66fc14c2cc05e4f50544d5fb99ab4daea140d300d24aeb15ec18dfcb45f4bf57be55bdbf167cf25ee1f39fe0a956e3887bc60d1851523af6dd404a277a14d2fcc51b2a96199425a5309d245a58702af97e6f4a9fd975a253e4496c019c4dfebc894f
#TRUST-RSA-SHA256 4c29309cf1f49621adc48ef97c7c704e522808608a00fd9102c8fb54c6044caf520ab35042e03e9623e07cea0d1c7d28e493e3e0ddb1b3d0435f18c89f44ab6e573c9ee0d578d2b5dbb540f2e6e08b7bfbb30b780cc73a3364782c02c2139ff5284bd3abc47bf1d42a1f2a02243b60f6cb89753d8f3f1dd1923bfb0c0f4fdfb2caeecdeaae138bf74a83d669d6cdf92bdac72d7149f2a28402c7630ef03a2af512b89dc28efeb9c40085d646e6b13124aff394f9e838d350b4b91b25f4ffd6d9877f984b484949998e454141977440b1757267c6f9e1f7869cb523353616e5eacdb9ade609304d57214c0517fa44e395ffbaf79d8935c50c8616a8cfe04d80f017228f4bc4c83d5b42d359404ef671cab5913d7772c8212749f8277dfde914f0b1ee8a7aaed04f2ce917a3c1292847fd2a558d51877e99d597cd6c221ad387e911f4c699791f2a9c704adc351b472d314312b6bd932654803b73cfa0bc235f981cf5a455cd23429e8c02b2a6ef414456b30c6ddcdd41c7aa735792ef262495649101fc3df32ce270a9dc5c499c6631878d894df5d868372a332acd447f086daaf8f3ea8ed95a0c370d3aa0172868da66230869cc62c80fc5548ddd872816bb4d088d91c6710e87dacae89562b02e5e55947e39bf156652acca531d42c2e2e0ca88f09601a9037c15ceb6dafca9a791bf9ba86485356a1f6ec5be225b0c546bb6
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(97944);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2017-3849");
script_bugtraq_id(96972);
script_xref(name:"CISCO-BUG-ID", value:"CSCvc42717");
script_xref(name:"CISCO-SA", value:"cisco-sa-20170320-ani");
script_name(english:"Cisco IOS XE ANI Registrar DoS (cisco-sa-20170320-ani)");
script_summary(english:"Checks the IOS XE version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco IOS XE software
running on the remote device is affected by a denial of service
vulnerability in the Autonomic Networking Infrastructure (ANI)
registrar feature due to incomplete input validation of certain
crafted packets. An unauthenticated, adjacent attacker can exploit
this issue, via specially crafted autonomic network channel discovery
packets, to cause the device to reload.
Note that this issue only affect devices with ANI enabled that are
configured as an autonomic registrar and that have a whitelist
configured.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?206d164a");
script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20170320-ani.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/20");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/24");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
ver = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version");
flag = 0;
override = 0;
affected_versions = [
'3.10.0S',
'3.10.1S',
'3.10.2S',
'3.10.3S',
'3.10.4S',
'3.10.5S',
'3.10.6S',
'3.10.2tS',
'3.10.7S',
'3.10.1xbS',
'3.10.8S',
'3.10.8aS',
'3.11.1S',
'3.11.2S',
'3.11.0S',
'3.11.3S',
'3.11.4S',
'3.12.1S',
'3.12.2S',
'3.12.3S',
'3.12.0aS',
'3.12.4S',
'3.13.0S',
'3.13.1S',
'3.13.2S',
'3.13.3S',
'3.13.4S',
'3.13.5S',
'3.13.2aS',
'3.13.0aS',
'3.13.5aS',
'3.13.6S',
'3.13.6aS',
'3.14.0S',
'3.14.1S',
'3.14.2S',
'3.14.3S',
'3.14.4S',
'3.15.0S',
'3.15.1S',
'3.15.2S',
'3.15.1cS',
'3.15.3S',
'3.15.4S',
'3.7.0E',
'3.7.1E',
'3.7.2E',
'3.7.3E',
'3.7.4E',
'3.7.5E',
'3.16.0S',
'3.16.1S',
'3.16.1aS',
'3.16.2S',
'3.16.0cS',
'3.16.3S',
'3.16.2bS',
'3.16.3aS',
'3.16.4S',
'3.16.4aS',
'3.16.4bS',
'3.16.5S',
'3.16.4dS',
'3.17.0S',
'3.17.1S',
'3.17.2S ',
'3.17.1aS',
'3.17.3S',
'3.8.0E',
'3.8.1E',
'3.8.2E',
'3.8.3E',
'3.18.0aS',
'3.18.0S',
'3.18.1S',
'3.18.2S',
'3.18.3vS',
'3.18.0SP',
'3.18.1SP',
'3.18.1aSP',
'3.18.1bSP',
'3.18.1cSP',
'3.9.0E',
'3.9.1E'
];
foreach affected_version (affected_versions)
if (ver == affected_version)
flag++;
# Check that ANI is running
if (flag && get_kb_item("Host/local_checks_enabled"))
{
flag = 0;
buf = cisco_command_kb_item("Host/Cisco/Config/show_run_autonomic","show run | include autonomic");
if (check_cisco_result(buf))
{
if (
( !empty_or_null(buf) ) &&
( "no autonomic" >!< buf )
) flag = 1;
}
else if (cisco_needs_enable(buf))
{
flag = 1;
override = 1;
}
}
if (flag) security_report_cisco(severity:SECURITY_WARNING, port:0, version:ver, bug_id:'CSCvc42717', override:override);
else audit(AUDIT_HOST_NOT, "affected");
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
42.0%