Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-20170419-ASA-TLS.NASL
HistoryApr 25, 2017 - 12:00 a.m.

Cisco ASA Software SSL / TLS Packet Handling DoS (cisco-sa-20170419-asa-tls)

2017-04-2500:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
47
JSON

According to its self-reported version and configuration, the Cisco Adaptive Security Appliance (ASA) software running on the remote device is affected by a denial of service vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code due to improper parsing of crafted SSL or TLS packets. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to cause the device to reload.

#TRUSTED 75b885debbec8cfaad3e447686cd2d7eba7676e3d142eea672d0ff12cf7dc27fca7c7d02cc4c3b4f8e31dd65bdf2a198249a152347684783264d42d061c2f3f0a8e28c7983cf050d43523b89afa83ea07981f5a20228b01e0ee8bcb559fd3125fa5276ae763489d1c163a6dfa051885ec911fb9fc9eb1396a25f23c4c5cfa67863c143637cf3c2ed92594a48e9e52330960b20fe6c580437b35f3218e097220c2d137220c4c6126678b292dec1e5f4645ae2e8ff1c0071a687035acfbd15d14aaee47d8cbb242b9efabf1366ed7bf1c66148bd9318cca9049182cb131ec8fd1a9d892e1d2b04c8dbcf3be0616fa5f1b014645c42961be80fb5365b4dcb53b1fa93fe7e7e00bd11a861a0b4ba84d82384a5f288074eb579a34125aeebab9299ae9cd5524e159057a62c46df41f56f14244bc1e2b76a6d0cc78c5d7058ee8fff0759ff4e0493dc03d5ebaf4de81021ac06dccd1693e8f42f4f6bd3dad5638f8d07422c0dc7ed0d966196074c3f0cedff9d77155a3eb77e7a857b5ecb1dde45bfc9318de25458b8c05d28d1f4e9caab68ea4bd45073a28e9c104b6c13cb125e5d7cb6122af7f46a771596b46e1f05b7dd4f507a08ff302561205ba7327cd30727455eb70fbef6316c1ed4d5a02f75021ac65487e2450f64c33db86ab66c0ee2f33a383b17cff2c1cd49d9cd6f8ee3b26b8888aaf274b9bd75363dd5555314f9c996
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(99667);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2017-6608");
  script_bugtraq_id(97937);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuv48243");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20170419-asa-tls");

  script_name(english:"Cisco ASA Software SSL / TLS Packet Handling DoS (cisco-sa-20170419-asa-tls)");
  script_summary(english:"Checks the ASA version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version and configuration, the Cisco
Adaptive Security Appliance (ASA) software running on the remote
device is affected by a denial of service vulnerability in the Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) code due to
improper parsing of crafted SSL or TLS packets. An unauthenticated,
remote attacker can exploit this, via specially crafted packets, to
cause the device to reload.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?262b831a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv48243");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco security
advisory cisco-sa-20170419-asa-tls.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6608");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:adaptive_security_appliance_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_keys("Host/Cisco/ASA", "Host/Cisco/ASA/model");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

asa = get_kb_item_or_exit('Host/Cisco/ASA');
model = get_kb_item_or_exit('Host/Cisco/ASA/model');

version = extract_asa_version(asa);
if (isnull(version)) audit(AUDIT_FN_FAIL, 'extract_asa_version');

if (
  model !~ '^1000V' && # 1000V
  model !~ '^55[0-9][0-9]($|[^0-9])' && # 5500 & 5500-X
  model !~ '^65[0-9][0-9]($|[^0-9])' && # 6500
  model !~ '^76[0-9][0-9]($|[^0-9])' && # 7600
  model !~ '^93[0-9][0-9]($|[^0-9])' && # Firepower 9300 ASA
  model !~ '^30[0-9][0-9]($|[^0-9])' && # ISA 3000
  model != 'v' # ASAv
) audit(AUDIT_HOST_NOT, "an affected Cisco ASA product");

cbi = 'CSCuv48243';

if (version =~ "^8\.4[^0-9]" && check_asa_release(version:version, patched:"8.4(7.31)"))
  fixed_ver = "8.4(7.31)";
else if (version =~ "^[0-8]\.")
  fixed_ver = "9.1(7)";
else if (version =~ "^9\.0[^0-9]" && check_asa_release(version:version, patched:"9.0(4.39)"))
  fixed_ver = "9.0(4.39)";
else if (version =~ "^9\.1[^0-9]" && check_asa_release(version:version, patched:"9.1(7)"))
  fixed_ver = "9.1(7)";
else if (version =~ "^9\.2[^0-9]" && check_asa_release(version:version, patched:"9.2(4.6)"))
  fixed_ver = "9.2(4.6)";
else if (version =~ "^9\.3[^0-9]" && check_asa_release(version:version, patched:"9.3(3.8)"))
  fixed_ver = "9.3(3.8)";
else if (version =~ "^9\.4[^0-9]" && check_asa_release(version:version, patched:"9.4(2)"))
  fixed_ver = "9.4(2)";
else if (version =~ "^9\.5[^0-9]" && check_asa_release(version:version, patched:"9.5(2)"))
  fixed_ver = "9.5(2)";
else audit(AUDIT_INST_VER_NOT_VULN, "Cisco ASA software", version);

override = FALSE;
flag = FALSE;

if (get_kb_item("Host/local_checks_enabled"))
{
  buf = cisco_command_kb_item("Host/Cisco/Config/show asp table socket | include SSL", "show asp table socket | include SSL");

  if (check_cisco_result(buf))
  {
    if (
      ("SSL" >< buf)
    ) flag = TRUE;
  }
  else if (cisco_needs_enable(buf)) override = TRUE;

  if (!flag && !override) audit(AUDIT_HOST_NOT, "affected because it is not configured to process SSL or TLS packets");
}

if (flag || override)
{
  security_report_cisco(
    port     : 0,
    severity : SECURITY_HOLE,
    override : override,
    version  : version,
    bug_id   : cbi,
    fix      : fixed_ver,
    cmds     : make_list("show asp table socket | include SSL")
  );
}
else audit(AUDIT_INST_VER_NOT_VULN, "Cisco ASA software", version);
VendorProductVersionCPE
ciscoadaptive_security_appliance_softwarecpe:/a:cisco:adaptive_security_appliance_software

Related

prion 1
cisco 1
openvas 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2017-04-20 22:59:00
cisco
cisco
Cisco ASA Software SSL/TLS Denial of Service Vulnerability
2017-04-19 16:00:00
openvas
openvas
Cisco ASA Software SSL/TLS Denial of Service Vulnerability (cisco-sa-20170419-asa-tls)
2017-04-20 00:00:00
cvelist
cvelist
CVE-2017-6608
2017-04-20 22:00:00
cve
cve
CVE-2017-6608
2017-04-20 22:59:00
JSON
Related for CISCO-SA-20170419-ASA-TLS.NASL
prion1cisco1openvas1cvelist1cve1