CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
72.0%
According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by a denial of service vulnerability in the PROFINET Discovery and Configuration Protocol (PN-DCP) feature. An unauthenticated, remote attacker can exploit this, via specially crafted PN-DCP requests, to cause the switch to stop processing traffic, requiring a device restart to regain functionality.
#TRUSTED 34029a56a9536626e07786a50d06a3c50fe2b8ae4ce547eca47e551ab29f983c35d637277b99b3751ecee143083626cb744b5c8d1a8a0b3f11f28c8998bf872d27520c0cd82a3c2372f9cf7c28980a02884cb6b51acb5bb702879f6bc061c21d3f4d5cbd41bc13c4330439a5dcc15c763fd0fdd618fe9a6580f4a5cfa8574f07ac80f31b54ac84809c7c4cd9c51a43cf84603b4453b9d7cb75e0b3d2daca0997eee094543b179145666d1ac05446c8d97a2379276794c9b46e006ad9f2ec8ded2a7e7963ff05f83bd805ea7e6f3a28a80e495e93e6b08b35b99195b12c9118c36f139b0bb5bd8ef996786f3f0931c7fb5a998697ae666388b8f06af74a4f58aca69663ebd1c3d62e71efb9a8402f6d1c9ffb9106f3880ac8c5cbd1c2e9696ee496eb77ec16535c9f2b152e950e9579cab70b63d21f9be8e52e1588285325344ba42446dfb4cebc85c41501e61987e6a84bbc11fcb5ba553d2d0dd0a3405771b34886678a1e44097f960ae4e9a06d3faa25e7618eda3081d96b7999bdbf0d29340f67952809cd32b11990045d74df3c888be733ddf9429ace4b2b73407592915f727f76771ae303c47e9168ed1fe3bafcc5730dc710b6bdcfaad419da211fb708c52230b70f2684c9e16df58f4b645d703b580f1da145d74ca74296cb75e654abea8d9bdd47dad18135dde204a6dec42d6c807052d489dc721fd53e459f0f312c
#TRUST-RSA-SHA256 21dd84983757543876a932ad5c7d0bdef494cf900aa102378a8240c2cdc23768110a93a1298fe731cbb39eaab5ddf0ac87892d951558ec3c607ebe58660597e91b9e364a3a39beaf694198d4a44e99466e0011025e77501a6e02761bd8909d560bf16dbd52267e478d1178332ccd4cb5dfcb8efc6a4b175f31c9c235f2528e55f6c1f9bb1a8d2edc9a53f0ead0be4267c4e05e04ba624a26756ce6ccb6f0c48a9476362070aabccd0f5bb25766b6e033de0b6dc5465ad2fa10592e2b2b678b24135236942eab4899c755f0a26c3c6c839d15c19c5d58976cf1e49cd1a50c17689608e5327c9f0ad3a65f50fde0c6d7a92f8d23ccb1c224bca56f726d3915315c223e0a088c76ae9d326ef670d399982574542e14c9c29bcc8468e356cccc5bb232e91f8020ae3739fc5f4955c517a04e4f94af706436fee717a689f9d3c6f44d3797791dabf909d09199910f0785487c78f81aa5e593be27fd4bfca8074084d5e586cdac5a5699311e9639ca1fed075d8d3d535650877a002effcd4e4858a8ed289728036ab920db8a4ff8ce4b481abef5d7f60f3d420967166ea469d0ca9d836efb7625b0f707c267ac8b7c61e89828fe18658ed8bbb7cc4d44b46f67683c9360f9fdec43c4cd7e1b805ed216ae2d5439f1ddcbd19304ee8e87c2c7e8ba42cf92b65b021816c857fe7cd1870208343705035cf0603fce945be6ac8a4e01307a
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(103670);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2017-12235");
script_bugtraq_id(101043);
script_xref(name:"CISCO-BUG-ID", value:"CSCuz47179");
script_xref(name:"CISCO-SA", value:"cisco-sa-20170927-profinet");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
script_name(english:"Cisco IOS Software PROFINET denial of service (cisco-sa-20170927-profinet)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version and configuration, the Cisco
IOS software running on the remote device is affected by a denial of
service vulnerability in the PROFINET Discovery and Configuration
Protocol (PN-DCP) feature. An unauthenticated, remote attacker can
exploit this, via specially crafted PN-DCP requests, to cause the
switch to stop processing traffic, requiring a device restart to
regain functionality.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9b66383b");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCuz47179.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12235");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/27");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/05");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_version.nasl");
script_require_keys("Host/Cisco/IOS/Version");
exit(0);
}
include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");
product_info = cisco::get_product_info(name:"Cisco IOS");
version_list = make_list(
'12.2(55)SE',
'15.0(1)EY',
'12.2(55)SE3',
'12.2(52)SE',
'12.2(58)SE',
'12.2(52)SE1',
'15.0(2)SE',
'12.2(58)SE1',
'12.2(55)SE4',
'12.2(58)SE2',
'12.2(55)SE5',
'12.2(55)SE6',
'15.0(2)SE1',
'15.0(1)EY1',
'15.0(2)SE2',
'15.0(2)EC',
'15.0(2)EB',
'12.2(55)SE7',
'15.2(2)E',
'15.0(1)EY2',
'15.0(2)EY',
'15.0(2)SE3',
'15.0(2)EY1',
'15.0(2)SE4',
'15.2(1)EY',
'15.0(2)SE5',
'15.0(2)EY2',
'12.2(55)SE9',
'15.0(2)EA1',
'15.0(2)EY3',
'15.0(2)SE6',
'15.2(2)EB',
'15.2(1)EY1',
'12.4(25e)JAO3a',
'12.4(25e)JAO20s',
'12.2(55)SE10',
'15.3(3)JN',
'15.2(2)E1',
'15.1(4)M11',
'15.0(2)SE7',
'15.2(2b)E',
'15.2(3)E1',
'15.2(2)E2',
'15.3(3)SA',
'15.2(2)E3',
'12.4(25e)JAP3',
'12.4(25e)JAO5m',
'15.0(2)SE8',
'15.0(2)SE9',
'15.1(4)M12',
'15.2(2a)E2',
'15.2(3)E2',
'15.2(2)EA1',
'15.2(2)EA2',
'15.2(3)EA',
'15.2(3)EA1',
'15.2(1)EY2',
'15.2(2)JA3',
'15.2(4)JB8',
'15.3(3)JAX3',
'15.3(3)JN5',
'15.4(3)SN2',
'15.5(2)SN0a',
'15.2(3)E3',
'15.2(2)EB1',
'15.5(3)SN1',
'15.3(3)JN6',
'15.3(3)JBB3',
'15.2(4)EA',
'12.2(55)SE11',
'15.2(2)E4',
'15.2(4)EA1',
'15.2(2)E5',
'12.4(25e)JAP1n',
'15.3(3)JBB7',
'15.3(3)JC30',
'15.2(3)E2a',
'15.5(3)S2a',
'15.3(3)JBB6a',
'15.0(2)SE10',
'15.2(3)EX',
'15.3(3)JPB',
'15.2(3)E4',
'15.2(2)EA3',
'15.2(2)EB2',
'15.3(3)JNP2',
'15.6(2)S0a',
'15.2(4)EA3',
'15.4(3)S5a',
'15.5(3)S2b',
'15.6(1)S1a',
'12.4(25e)JAP9',
'15.2(4)EC',
'15.1(2)SG7a',
'15.5(3)S3a',
'15.3(3)JC50',
'15.3(3)JC51',
'15.6(2)S2',
'15.3(3)JN10',
'15.2(4)EB',
'15.2(2)E6',
'15.2(4)EA4',
'15.2(4)EA2',
'15.3(3)JPB2',
'15.5(3)S4a',
'15.2(2)E5a',
'15.5(3)S4b',
'15.2(3)E5',
'15.0(2)SE10a',
'15.2(4)EA5',
'15.2(2)E5b',
'15.2(5a)E1',
'15.6(2)SP1b',
'15.5(3)S4d',
'15.6(2)SP1c',
'15.2(4a)EA5',
'15.5(3)S4e',
'15.1(2)SG9',
'15.3(3)JPC3',
'15.3(3)JDA3',
'15.5(3)S5a',
'15.4(3)S6b',
'15.4(3)S7a',
'15.3(3)JNC4',
'15.4(3)M7a',
'15.5(3)S5b',
'15.6(2)S3',
'15.3(3)JC7',
'15.6(2)SP2a',
'15.3(3)JND2',
'15.3(3)JCA7',
'15.0(2)SQD7',
'15.2(5)E2a',
'15.2(5)E2b',
'15.3(3)JE1',
'15.3(3)JN12'
);
workarounds = make_list(CISCO_WORKAROUNDS['profinet']);
reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCuz47179',
'cmds' , make_list('show running-config')
);
cisco::check_and_report(product_info:product_info, workarounds:workarounds, reporting:reporting, vuln_versions:version_list);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
72.0%