CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
54.1%
According to its self-reported version, the Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability in the Autonomic Networking Infrastructure (ANI) component due to incomplete input validation of certain crafted IPv6 packets. An unauthenticated, remote attacker can exploit this issue, via specially crafted IPv6 packets, to cause the device to reload.
Note that this issue only affect devices with ANI enabled that have a reachable IPv6 interface.
#TRUSTED 38a19ffbd6fa57428c595e2b2b6b76ea9771226a3dfe0e63407dd23315b5ca7c47260634f2f28025efcdbcb4cacc03c056d732a2110145870a7c8af7b2529bedf7d612cdb0f38fc48c9309fca1c492a3dd84131b8814c43c8788696e3377a636c1c8948056b565c2356e812b90fc150e22f84223c6fdfc36bb92ab309230147c0b573d3c9a97f44c98a4474623a6f8936ade4bc6a9b205fe5ff42e6a93b231ebcf7755ab5f0e1afb763a9d5a2cd068076faebeea5a562ba7655032d59c31ec11b0fc33ac29f57853c7a8399e84f706c59d927be7e268365f726e2d7e99e48003e7944d70aa918fa3ecac0063d4ef57210386a006d11d41a30d62f6310ab601bdd1ea50aba00d15837afed48469423e1e4b26fe80c49adc1f0fd1021388d1a38118aab97cd096830874e1e34f7cf7c188d2542ef1a0066e6c747547c8a929cc4346296f7d4b4dfb4da0a98ffaa03f60308c995fe3ef30d75ab3e74e9dcbce287a21c51f2d1bc9c5ebafae28d07265bd79068cdff2b83b2ba589ac7a0b4d9d153f7be390714c0428616d437ce96c41712c873569fffaeb8662fcc12668a69b3a3eb63cc04160712ac9b7f652724948dc67ccbc3e5a4b9304ccd6b56711ffb01d61f18538d0217ab50eea059ac0fa9e0ec6fad64f0f43e40fd19497f220a51dd9db7a120d88f4458e839b3e9bd1657ad5d83d49b333e31efc4e790eee151a3e5460
#TRUST-RSA-SHA256 10b8561c924750b3df85c9908fb0cc2157dfa71b3f3a27c23d32e0c2606979343d09d604be5ab23391932c8a61844b8ae4288ef304d02a6c4d992b81d313bf4747cfe316b9cdaa797b9ed4981cc822c68a199e049bf3c222b0cdcbc732016fb90d540a98f6f827afc9b9f87082ba6f7714d597ec89fdcd44bade3ee429e682539eec72a9b59619d3538efa9e9a92829fce132390cfc89a298acfc3c9246e3d32fa17b3aabbbc2cdc57321c8a7d8e6c98020b5e2234b43117e3f7ce95188fce2ccd10c1ad91ffe13e8b4917e77e7968c453083f3ccbda98db1f3a339e5e1475c28ac2a8085e1aaf83aa808142e579896d8d016b0f3fa08de47e96333138ffd26190b444d5f9e7d334f3be1bbf548cbc8f50eae0a5682f7a94786d44bff63741ca22f36ab365f0cb9f9df3a6c5b7492cd58a1c64797eed2ccc95099d102bfe76023542d26c3aca4c96fdded67d4337cea623c0544bcb7cf6954614c3ee3a904cb408f3225ff8af6a9f38d8d7d182b70f5a9758c96b43ed1c9aa2c022d7107da1b1d7fbcdc3ffa03138bf6c5541247f64592b8839766bb3b748b7a850f256ee74f25e85a7cbf8cf820fe1c405bcfaa045714ba1cb69047d6ba59f66484ad9d6e63d5d1e7e232035b67d427da21dd59234f5d1a06144a2529f7d436b2ba83de08b05ed50279370032852e9aa3dddedd1a6ae948cc8de192dbeffb50158db7e26286d
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(97946);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2017-3850");
script_bugtraq_id(96971);
script_xref(name:"CISCO-BUG-ID", value:"CSCvc42729");
script_xref(name:"CISCO-SA", value:"cisco-sa-20170320-aniipv6");
script_name(english:"Cisco IOS XE ANI IPv6 Packets DoS (cisco-sa-20170320-aniipv6)");
script_summary(english:"Checks the IOS XE version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco IOS XE software
running on the remote device is affected by a denial of service
vulnerability in the Autonomic Networking Infrastructure (ANI)
component due to incomplete input validation of certain crafted IPv6
packets. An unauthenticated, remote attacker can exploit this issue,
via specially crafted IPv6 packets, to cause the device to reload.
Note that this issue only affect devices with ANI enabled that have a
reachable IPv6 interface.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d249229");
script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20170320-aniipv6.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3850");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/20");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/24");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");
product_info = cisco::get_product_info(name:"Cisco IOS XE Software");
version_list = make_list(
'3.10.0S',
'3.10.1S',
'3.10.2S',
'3.10.3S',
'3.10.4S',
'3.10.5S',
'3.10.6S',
'3.10.7S',
'3.10.1xbS',
'3.10.8S',
'3.11.1S',
'3.11.2S',
'3.11.0S',
'3.11.3S',
'3.11.4S',
'3.12.1S',
'3.12.2S',
'3.12.3S',
'3.12.0aS',
'3.12.4S',
'3.13.0S',
'3.13.1S',
'3.13.2S',
'3.13.3S',
'3.13.4S',
'3.13.5S',
'3.13.0aS',
'3.13.5aS',
'3.13.6S',
'3.13.6aS',
'3.14.0S',
'3.14.1S',
'3.14.2S',
'3.14.3S',
'3.14.4S',
'3.15.0S',
'3.15.1S',
'3.15.2S',
'3.15.1cS',
'3.15.3S',
'3.15.4S',
'3.7.0E',
'3.7.1E',
'3.7.2E',
'3.7.3E',
'3.7.4E',
'3.7.5E',
'3.16.0S',
'3.16.1S',
'3.16.1aS',
'3.16.2S',
'3.16.2aS',
'3.16.0cS',
'3.16.3S',
'3.16.2bS',
'3.16.3aS',
'3.16.4S',
'3.16.4aS',
'3.16.4bS',
'3.16.5S',
'3.16.4dS',
'3.17.0S',
'3.17.1S',
'3.17.2S ',
'3.17.1aS',
'3.17.3S',
'3.8.0E',
'3.8.1E',
'3.8.2E',
'3.8.3E',
'3.18.0aS',
'3.18.0S',
'3.18.1S',
'3.18.2S',
'3.18.3vS',
'3.18.0SP',
'3.18.1SP',
'3.18.1aSP',
'3.18.1bSP',
'3.9.0E',
'3.9.1E'
);
workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
workaround_params = WORKAROUND_CONFIG['ipv6_enabled'];
reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , "CSCvc42729",
'cmds' , make_list("show running-config")
);
cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
54.1%