Cisco IOS XE Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities (cisco-sa-20180328-lldp)

2018-04-06T00:00:00
ID CISCO-SA-20180328-LLDP-IOSXE.NASL
Type nessus
Reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-04-02T00:00:00

Description

According to its self-reported version, the IOS XE is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

                                        
                                            #TRUSTED 0a5607a614855768a2c215f124d2b4adf1ea1f4296eab5c882259168ab0e37861df405ab71ed321ebd7ae124f902efb917ba6f65daf1cb12cbf8fd5b1ed35964f38ad799d8cd8ceae4ecfa12fcc0e5c3c0503a7ffbc034f75c882f713d1dcd860f8eb0c323ff383cb34100f63a9d80199c8753c0e1ba2716bb0f6bf2c55738c1e683772087fd757f46a8aa36409b9ae812622b9c7f44fb16eb73e0ca2acb105da8844a427cc4e8f42a4f7cc032e3dbe6e4c14b08901dd0ba17f2080912b7e7dabe19cc6bca7c90bdf8fe80781e40dd6a787ccee9ac75d2f5b99b15adf01ffd8b28e2e6a311d8bcb254f36ca5d1e0827a67aa50cee3fd656fd4bed9190abda86cd52d8204623e2dc220f287a95cc76a65862794a15b8b96940c90369d78cfc62ffdb643941063350eda13553fc9c4e736f8c3659434f4f53daefbcbe7cef0107d5c8d9f6b296971567e837de065f50f61fd3ae638b04761a4edff13d765dc9f15f6fb660a5b630a30f64ffee9fd67fabfba4e67d96ab4331c6567834a73b288422001fa79dff205c698104741c733e24d4c476ced872f2b4e55a9c85fccea301534451227a8343404f6575cc97169e93df4421f961bfb811c742879fb07fa87b45030915b5869475202ebf6acd1ee3b9998b3532b621be8154a7639430e8a64f2c2487c39fea6f96ac030f8b2556d928ec3023b1138fbc0511a555d5a39dced2e
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108881);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/08");

  script_cve_id("CVE-2018-0167", "CVE-2018-0175");
  script_bugtraq_id(103564);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvd73487");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvd73664");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20180328-lldp");

  script_name(english:"Cisco IOS XE Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities (cisco-sa-20180328-lldp)");
  script_summary(english:"Checks the IOS XE version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IOS XE is affected
by one or more vulnerabilities. Please see the included Cisco BIDs
and the Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9b0c7a7a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd73487");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd73664");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvd73487 and CSCvd73664.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");

product_info = cisco::get_product_info(name:"Cisco IOS XE Software");

version_list = make_list(
  "3.10.8S",
  "3.10.9S",
  "3.10.10S",
  "15.3(3)S8a",
  "15.1(2)SNH",
  "15.1(2)SNI",
  "15.1(2)SNI1",
  "15.2(2)SNG",
  "15.4(1)T",
  "15.4(2)T",
  "15.4(1)T2",
  "15.4(1)T1",
  "15.4(1)T3",
  "15.4(2)T1",
  "15.4(2)T3",
  "15.4(2)T2",
  "15.4(1)T4",
  "15.4(2)T4",
  "15.2(2)JA",
  "15.2(2)JA1",
  "15.2(4)JA",
  "15.2(4)JA1",
  "15.0(2)EC",
  "15.0(2)EB",
  "3.5.0E",
  "3.6.0E",
  "3.5.1E",
  "3.7.0E",
  "3.5.2E",
  "3.5.3E",
  "3.6.1E",
  "15.2(4)E",
  "15.2(3)E1",
  "3.6.2E",
  "15.2(2a)E1",
  "3.6.3E",
  "15.2(2a)E2",
  "15.2(3)E2",
  "15.2(3a)E",
  "15.2(3)E3",
  "15.2(3m)E2",
  "3.7.1E",
  "3.6.4E",
  "15.2(2)E5",
  "3.7.2E",
  "15.2(4m)E1",
  "15.2(3)E4",
  "15.2(5)E",
  "3.7.3E",
  "15.2(2)E6",
  "15.2(5a)E",
  "15.2(5)E1",
  "15.2(5b)E",
  "15.2(4m)E3",
  "15.2(3m)E8",
  "15.2(2)E5a",
  "15.2(5c)E",
  "15.2(3)E5",
  "15.2(2)E5b",
  "15.2(4n)E2",
  "15.2(4o)E2",
  "15.2(5a)E1",
  "15.2(4)E4",
  "15.2(2)E7",
  "15.2(5)E2",
  "15.2(4p)E1",
  "15.2(6)E",
  "15.2(5)E2b",
  "15.2(4)E5",
  "15.2(5)E2c",
  "15.2(4m)E2",
  "15.2(4o)E3",
  "15.2(4q)E1",
  "15.2(6)E0a",
  "15.2(6)E0b",
  "15.2(2)E7b",
  "15.2(4)E5a",
  "15.1(3)MRA",
  "15.1(3)MRA1",
  "15.1(3)MRA2",
  "15.1(3)MRA3",
  "15.1(3)MRA4",
  "15.2(2)SNH1",
  "15.1(3)SVB1",
  "15.1(3)SVB2",
  "15.0(2)ED",
  "15.0(2)ED1",
  "15.2(2)JB",
  "15.2(2)JB2",
  "15.2(4)JB",
  "15.2(2)JB3",
  "15.2(4)JB1",
  "15.2(4)JB2",
  "15.2(4)JB3",
  "15.2(4)JB3a",
  "15.2(2)JB4",
  "15.2(4)JB4",
  "15.2(4)JB3h",
  "15.2(4)JB3b",
  "15.2(4)JB3s",
  "15.2(4)JB5h",
  "15.2(4)JB5",
  "15.2(4)JB5m",
  "15.2(4)JB6",
  "15.2(2)JB5",
  "15.2(2)JB6",
  "3.11.0S",
  "3.12.0S",
  "3.13.0S",
  "3.11.1S",
  "3.11.2S",
  "3.12.1S",
  "3.11.3S",
  "3.13.1S",
  "3.12.2S",
  "3.13.2S",
  "3.13.3S",
  "15.4(1)S4",
  "3.12.3S",
  "3.12.4S",
  "3.13.4S",
  "3.13.5S",
  "3.13.6S",
  "3.13.7S",
  "15.4(3)S6a",
  "15.3(3)JPB",
  "15.3(3)JPB1",
  "15.3(3)JD",
  "15.3(3)JD2",
  "15.3(3)JD3",
  "15.3(3)JD4",
  "15.3(3)JD5",
  "15.3(3)JD6",
  "15.3(3)JD7",
  "15.3(3)JD8",
  "15.3(3)JD9",
  "15.3(3)JD11",
  "15.6(3)M",
  "15.6(3)M1",
  "15.6(3)M0a",
  "15.6(3)M1b",
  "15.6(3)M2",
  "15.6(3)M2a",
  "15.1(3)SVJ2",
  "15.2(4)EC1",
  "15.2(4)EC2",
  "15.3(3)JPC",
  "15.3(3)JPC1",
  "15.3(3)JPC2",
  "15.3(3)JPC3",
  "15.3(3)JPC100",
  "15.3(3)JPC5",
  "15.3(3)JND",
  "15.3(3)JND1",
  "15.3(3)JND2",
  "15.3(3)JND3",
  "15.4(1)SY",
  "15.4(1)SY1",
  "15.4(1)SY2",
  "15.4(1)SY3",
  "15.3(3)JE",
  "15.3(3)JPD",
  "15.3(3)JDA7",
  "15.3(3)JDA8",
  "15.3(3)JDA9",
  "15.3(3)JDA11",
  "15.5(1)SY",
  "15.3(3)JF",
  "15.3(3)JF1",
  "15.3(3)JF2",
  "15.3(3)JCA7",
  "15.3(3)JCA8",
  "15.3(3)JCA9",
  "15.7(3)M0a"
);

workarounds = make_list(CISCO_WORKAROUNDS['show_lldp']);
workaround_params = make_list();


reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , "CSCvd73487/CSCvd73664",
  'cmds'     , make_list("show lldp")
);

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);