CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
90.5%
According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the Internet Key Exchange Version 2 (IKEv2) module due to incorrect processing of certain IKEv2 packets. An unauthenticated, remote attacker can exploit this, by sending crafted IKEv2 packets to an affected device, in order to cause a memory leak or a reload of an affected device, leading to a DoS condition.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 4ce1e32915f616d4e9d3d4a72bcd348e3bb9dd3f018afe4a1775e74be1f1c9f70e32e4b6cc9ab56ad3f39f724878498fc2bc3e1700181359efc56bab1cd03299a3be9a16d13aedae1c1b5ce11de6dacec93a443a35dcca0fbcab39cf03892e45d50db4215428b0b2ad537a1baf0b2d04e190b9c7b71ea273bd164337683151cc94bd596b5f3f39463428d5fb0ca22da33c9d96b1d0d83f50665b4b6655ef38ac97ad282c02c9651900d424e48ade2595947353a19771e293799c3a0aa214e8758e493c928ae8326a44724a8456ade3d96ebe5809c00fcfbdff3c3ba96c560a70e310a69a88d61b52e8823316514a8e9b805f7ffc8eedc4d3938d492b95aa93731e683f6d7e9a337a5a204f4db083db51b42f3a7302127034d52db825293631fb9ae7052d9b2a369324967738a00bde7c5f1cb303604eaad2d8f6b782ae947ba416a6e6b80d6da67204df918413409714353438b886cc5f08f76c26e1173cef717ed676713baeeb6803784f2e844ec66fa3c14f0a081fb6067b9ab4ff57b1e8b8ad92755d481d3aae775ce234c43d436a3cdcb4b2118bbedade266b289e52d1d8ac4fb3c4d4a55d241413b68fb78e695c2c270b26177457dff2f931f6b4a8528d554b207530e345b3b90a005badfaabccafa6bd885e956efe1959750cfcd30db2816ed819254ed24d6dff6554186624409e9c521d17910b879a15c75a67a2a297
#TRUST-RSA-SHA256 73810781a87899052ff12857832abe8c7fdcf73c1fd0391183eb88f678342bb7cd9e29915b39e3fb3a2c62cbf2fcd0c05538ec44ffe4d50dc3ca0ef6770ebb8332e0f52ed95eab405058c508b54a03f3af64e89f6f8c7c42f532fed9df87f5edfc6a6c1bd374866e1df1a03f3e15b1837e8c6348e1077614995870538683507804002bc2e68ab57ac74800a5f515a4941f6660828ede079082147e591ed7304ab12579f6c5ddc172b109deb5e1016c21f444dd7090dd6291ee66196b52eaf49cd00212f78590d854d16615a7ca0752740d198899050635dbf6b272417b5cdc9163e5028f70664f64f49851594a29ca83955b811b364a7ff5e5b544dd4f2794b83b587a6e77dbe6c72225b4429485fba3fe947016d2232e0056b1fc8fdadb727b4c64dbfd8e4a718b3eeef53a6f206016afb37757a7ee0934c83f5e36eff1d41eba29a7b61f6dd725613876b6240b81af64fcbffeaf66ba406c6fb5784fd1d923a6e5692b1caf8523eee88ea3943d614ed20e07de019fd76d9c5437a31a3e55bdc7d4e135ee7852bb090c573ad7fbc095c82ab008095ea569c5700eb79b87afb11f8a2dba472ab4e83fe5d3ccd71874824a285f7d29821c64187c9e862e107280870509ca71fd790b64228c68dd59333556070381653f3bc1d75c6f93c7ff730539a2a51ed2f77f9342a9fca52976f4146d4a7c6f6718377ad9b4f2beed38c239
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(131326);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2018-0158");
script_bugtraq_id(103566);
script_xref(name:"CISCO-BUG-ID", value:"CSCvf22394");
script_xref(name:"CISCO-SA", value:"cisco-sa-20180328-ike");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/17");
script_name(english:"Cisco IOS XE Software Internet Key Exchange Memory Leak (cisco-sa-20180328-ike)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in
the Internet Key Exchange Version 2 (IKEv2) module due to incorrect processing of certain IKEv2 packets. An
unauthenticated, remote attacker can exploit this, by sending crafted IKEv2 packets to an affected device, in order to
cause a memory leak or a reload of an affected device, leading to a DoS condition.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c962b883");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf22394");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvf22394.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0158");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/28");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
version_list = make_list(
'3.16.0S',
'3.16.1S',
'3.16.0aS',
'3.16.1aS',
'3.16.2S',
'3.16.2aS',
'3.16.0bS',
'3.16.0cS',
'3.16.3S',
'3.16.2bS',
'3.16.3aS',
'3.16.4S',
'3.16.4aS',
'3.16.4bS',
'3.16.4gS',
'3.16.5S',
'3.16.4cS',
'3.16.4dS',
'3.16.4eS',
'3.16.5aS',
'3.16.5bS',
'3.17.0S',
'3.17.1S',
'3.17.2S',
'3.17.1aS',
'3.17.3S',
'3.17.4S',
'16.1.1',
'16.1.2',
'16.1.3',
'16.2.1',
'16.2.2',
'3.8.0E',
'3.8.1E',
'3.8.2E',
'3.8.3E',
'3.8.4E',
'16.3.1',
'16.3.2',
'16.3.3',
'16.3.1a',
'16.3.4',
'16.4.1',
'16.4.2',
'3.18.0aS',
'3.18.0S',
'3.18.1S',
'3.18.2S',
'3.18.3S',
'3.18.0SP',
'3.18.1SP',
'3.18.1aSP',
'3.18.1gSP',
'3.18.1bSP',
'3.18.1cSP',
'3.18.2SP',
'3.18.1hSP',
'3.18.2aSP',
'3.18.1iSP',
'3.18.3bSP',
'3.9.0E',
'3.9.1E',
'3.9.2E',
'3.9.2bE',
'3.10.0E',
'3.10.0cE'
);
workarounds = make_list(CISCO_WORKAROUNDS['show_udp_ike'],CISCO_WORKAROUNDS['show_ip_sock_ike']);
workaround_params = make_list();
reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCvf22394',
'cmds' , make_list('show udp', 'show ip sockets')
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
90.5%