Cisco IOS XE Software Autonomic Networking Infrastructure DoS (cisco-sa-20170726-anidos)

2019-11-22T00:00:00
ID CISCO-SA-20170726-ANIDOS-IOSXE.NASL
Type nessus
Reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Autonomic Networking feature. An unauthenticated, adjacent attacker can exploit this by replaying captured packets to reset the Autonomic Control Plane (ACP) channel of an affected system in order to reset the ACP channel of an affected system, causing autonomic nodes of an affected system to reload and stop responding.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application

                                        
                                            #TRUSTED ab0e7b1237fd445e4008e1631aeb3dfa415eb436cc244bb8e21aa8e38c4988ff591eb011714fce0de93bc376f57de3a461a5cef866012b2e944f58b9c1643b1b5efbc0afd3a8a3286c6b93f0714c3cbea8c2cbbc75186e8626d218c3dfa99069fe6dd017765e23d78c359b5b7cf90f23c327b98a3b4f1bb375f4bddd5f5a9730d3e61d457f8e3f57e7ad256eb231c4328695ac1441281daf8e46255c1448ea92066c2379b1ab4b5e2c79c971fa0542fa16ac6a18dc204f3ba4638fde8cff6bf3f2f72cbc0595ddf0b499fb1c7c285f3ffa594b09930c84da731cf47a5756720bc8d64ac2ebf2d2d7365bd8ed73e9114e6dad51c31e109b2f328b7129ca359cfe6373c90c10e0041634ec3ef50ef573e94b2930d264ceefa9932ee47cc357e73cb15dacdfb3f39e7a01ec9d997b2190a728b42a223655ac8b5285ed18568bc838f74d5ecc704ee8b45146cc696ba00a24c6c696b6fcaf09690528fe5867573e21ef14f52797299e639daf396be22d565b0fac38e8ed06735ca7e93784037528334c7815a12dc9d63758dd98b0e3f119282606c7978486d78a6a9b483b6c0e50b6ac8b649a7f71d97b8ccadc731e753255f4ff5a5974134eee52b25e4194003b29b862f7a4baf9f3416701a9e449fa9feacecc296b6af2a9f20a67c73c7a66f3c0c3a9329462810a1db14ba0a0465aacb87d02d6bce1f9a9ce012a2393ed63ae8a
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(131188);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id("CVE-2017-6663");
  script_bugtraq_id(99973);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvd88936");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20170726-anidos");

  script_name(english:"Cisco IOS XE Software Autonomic Networking Infrastructure DoS (cisco-sa-20170726-anidos)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in
the Autonomic Networking feature. An unauthenticated, adjacent attacker can exploit this by replaying captured packets
to reset the Autonomic Control Plane (ACP) channel of an affected system in order to reset the ACP channel of an
affected system, causing autonomic nodes of an affected system to reload and stop responding.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-anidos
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?89580ea2");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd88936");
  script_set_attribute(attribute:"solution", value:
"No fixes are available. For more information, see Cisco bug ID(s) CSCvd88936.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6663");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

version_list = make_list(
  '3.10.4S',
  '3.10.1xcS',
  '3.10.8aS',
  '3.11.4S',
  '3.12.0S',
  '3.12.1S',
  '3.12.2S',
  '3.12.3S',
  '3.12.0aS',
  '3.12.4S',
  '3.13.0S',
  '3.13.1S',
  '3.13.2S',
  '3.13.3S',
  '3.13.4S',
  '3.13.5S',
  '3.13.2aS',
  '3.13.6S',
  '3.13.6aS',
  '3.13.7aS',
  '3.13.8S',
  '3.14.0S',
  '3.14.1S',
  '3.14.2S',
  '3.14.3S',
  '3.14.4S',
  '3.15.0S',
  '3.15.1S',
  '3.15.2S',
  '3.15.1xbS',
  '3.15.2xbS',
  '3.15.3S',
  '3.15.4S',
  '3.7.0E',
  '3.7.1E',
  '3.7.2E',
  '3.7.3E',
  '3.7.4E',
  '3.7.5E',
  '3.16.0S',
  '3.16.1S',
  '3.16.0aS',
  '3.16.1aS',
  '3.16.2S',
  '3.16.2aS',
  '3.16.0bS',
  '3.16.3S',
  '3.16.3aS',
  '3.16.4S',
  '3.16.4aS',
  '3.16.4bS',
  '3.16.5S',
  '3.16.4cS',
  '3.16.6S',
  '3.16.5aS',
  '3.16.5bS',
  '3.16.7S',
  '3.16.6bS',
  '3.16.7aS',
  '3.16.7bS',
  '3.16.8S',
  '3.16.9S',
  '3.16.10S',
  '3.17.0S',
  '3.17.1S',
  '3.17.2S',
  '3.17.3S',
  '3.17.4S',
  '16.2.1',
  '16.2.2',
  '3.8.0E',
  '3.8.1E',
  '3.8.2E',
  '3.8.3E',
  '16.3.1',
  '16.3.2',
  '16.3.3',
  '16.3.1a',
  '16.3.4',
  '16.3.5',
  '16.3.5b',
  '16.3.6',
  '16.3.7',
  '16.3.8',
  '16.3.9',
  '16.4.1',
  '16.4.2',
  '16.4.3',
  '16.5.1',
  '16.5.1a',
  '16.5.1b',
  '16.5.2',
  '16.5.3',
  '3.18.0S',
  '3.18.1S',
  '3.18.2S',
  '3.18.3S',
  '3.18.4S',
  '3.18.0SP',
  '3.18.1SP',
  '3.18.1gSP',
  '3.18.1bSP',
  '3.18.1cSP',
  '3.18.2SP',
  '3.18.1hSP',
  '3.18.1iSP',
  '3.18.3SP',
  '3.18.4SP',
  '3.18.3bSP',
  '3.18.5SP',
  '3.18.7SP',
  '3.18.8SP',
  '3.9.0E',
  '3.9.1E',
  '16.6.1',
  '16.6.2',
  '16.6.3',
  '16.6.4',
  '16.6.5',
  '16.6.4a',
  '16.6.5a',
  '16.6.6',
  '16.6.5b',
  '16.6.7',
  '16.6.7a',
  '16.7.1',
  '16.7.2',
  '16.7.3',
  '16.8.1',
  '16.8.1a',
  '16.8.1b',
  '16.8.1s',
  '16.8.1c',
  '16.8.2',
  '16.8.3',
  '16.9.1',
  '16.9.1a',
  '16.9.1s',
  '16.9.3',
  '16.9.2a',
  '16.9.2s',
  '16.9.3h',
  '16.9.4',
  '16.9.3s',
  '16.9.3a',
  '16.9.4c',
  '16.9.5',
  '16.9.4d',
  '16.10.1',
  '16.10.1a',
  '16.10.1b',
  '16.10.1s',
  '16.10.1e',
  '16.10.2',
  '16.11.1',
  '16.11.1a',
  '16.11.1b',
  '16.11.2',
  '16.11.1s',
  '16.11.1c',
  '16.12.1',
  '16.12.1s',
  '16.12.1a',
  '16.12.1c',
  '16.12.2',
  '16.12.2a',
  '17.2.1'
);

workarounds = make_list(CISCO_WORKAROUNDS['autonomic_networking']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvd88936',
  'cmds'     , make_list('show running-config')
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_versions:version_list,
  workarounds:workarounds,
  workaround_params:workaround_params
);