Cisco IOS XR Software netconf DoS (cisco-sa-20180502-iosxr)

2020-01-28T00:00:00
ID CISCO-SA-20180502-IOSXR.NASL
Type nessus
Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-04-02T00:00:00

Description

According to its self-reported version, Cisco IOS XR Software is affected by a denial of service (DoS) vulnerability in the netconf interface due to improper handling of malformed requests. An unauthenticated, remote attacker can exploit this, by sending malicious requests to the affected software, in order to cause the targeted process to restart and a DoS condition on the affected system.

Please see the included Cisco BIDs and Cisco Security Advisory for more information

                                        
                                            #TRUSTED 27b364cef258c6273fe25cff64bf2e13b64ac46726642611d47656387680ed175d513133cc084d21a2236657abe619eff9d7c1f1b679fd6700d24d1f3a7443fe9fa2dc95a24c0a60e393cbe95e4a3260d55bdc77273853a833a28c438c62da6462566ca829ffa6b7a8a772a04c44f744630568136462705f503901d32a865f7456358b77d15d3f6d7d9832beb09b6876cdda309dc40a19e6c702cc10e440b99c7ad4e71d458c482cab9941da67749bcd52ca8c9108254f3c9eafeb2a9b241098b4aa9e135e776baebabd20b0579b6b97a0593b8297e33bdec8ab08deb14a04aabb2d47a85d47421d43e37a1d137aadaaa85ce858878f048430db0a3bbf85560e36e6c8e93ed82f4fdc1fbd76a3a0d6cbcb66c52533c264a8536e529b9f897bdaa03e9091dbaf3606c51b4a3a61b9dfd753ffbb0dc0ee2b6bd43d3a0a8bc1a968bc8e10b950f4aa40df5a866b33579eafcb2157ad96303cc7d82c0f6fb17634379e290d040d9842b0ec86ecffb3b3c1e92e8d72df5d52ec1c7f83a652046cdf0d9f9925d967b57853e27905a902b3d0b2fee66a36fd40c319829df5d31804273e50d47bc5794b8ce8524a12ab895d8c9aff4798541257f6275fac7a1e6aed8ce38c2298b212b3fbd5e09c5d4278419972b7176f5b0ba853350807ca923635b8bcd9aa83f78f40d4921e14ab4e9fe3fa6026a24c63ed670e7d4fd2c90e811ac8d3
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(133265);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/29");

  script_cve_id("CVE-2018-0286");
  script_bugtraq_id(104083);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvg95792");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20180502-iosxr");

  script_name(english:"Cisco IOS XR Software netconf DoS (cisco-sa-20180502-iosxr)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XR Software is affected by a denial of service (DoS) vulnerability in
the netconf interface due to improper handling of malformed requests. An unauthenticated, remote attacker can exploit
this, by sending malicious requests to the affected software, in order to cause the targeted process to restart and a
DoS condition on the affected system.

Please see the included Cisco BIDs and Cisco Security Advisory for more information");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?940111af");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg95792");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvg95792");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0286");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/28");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version", "Settings/ParanoidReport");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

product_info = cisco::get_product_info(name:'Cisco IOS XR');

version_list = make_list(
  '6.3.1',
  '6.3.2',
  '6.5.1'
);

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvg95792'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);