Lucene search
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-20180926-CMP-IOS.NASLHistoryOct 05, 2018 - 12:00 a.m.
Cisco IOS Software Cluster Management Protocol DoS Vulnerability (cisco-sa-20180926-cmp)
2018-10-0500:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
47
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
7.4 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
44.1%
According to its self-reported version, the IOS is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
#TRUSTED 1c6094dcd62c9966a9f8daf5a14edbdb42cad34751d8fb0492dbc16435834dcdf3922a04731754f34a822ef23d97823c19aff21e3c8c7a054e431c8250eed8df3f99ab125df12f50eaafe06b97f1e555f50b9086a29de51742a754519d80edc7adb8b0de887a16087122ea0da46560b7c0a5b257b3706ab9a9c99bf9094a88ee778e1d8eaa520d5465c31b4dff95959959908f6a7aca0236e2594162260c604714c99643a4490ee1fe2dd8441297f71799493d02f39457e856e4619f5bbc15baa5144b3be76f832138ec797fca5b0281b759e6dd0201078f690832969198e601c9cc40a5c951f47d75990a15fa37103914b57e4d014ee8d2e6bd8c65d215ed299ff4f5eb54f11bbc1ef5c74e4a917a384ca86285d243286dcb4fb7169f1d7b0f1c35660feb576d3da142f692deefe28d2916c7c0a82c2e5435003c3b4e85ee3512b3d3a92283d0247df950c9fb14ccddcf95f20e50df0b2e5f7a03dcfe20122b2eb384a2802de66e735cd8921df38fa978640aceca4822c806b789470fb1625ca117a9dd638cd76b3c9ef96d3036793c12b543b3fd4bab78fa33f25ce243102201fd2b430bbca683e4e4e95e3e984be126d2503c0697df7fdb27388aa2d7dd3654fb9284061e52fe5dc35f8fef6dd75d9eecad62303e50fa254497cae044dc09aaa3bd645a0c5f38e60de4554fbdc780aa8c46dfac3dce927de539807454236b
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(117944);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/24");
script_cve_id("CVE-2018-0475");
script_xref(name:"CISCO-BUG-ID", value:"CSCvg48576");
script_xref(name:"CISCO-SA", value:"cisco-sa-20180926-cmp");
script_xref(name:"IAVA", value:"2018-A-0312-S");
script_name(english:"Cisco IOS Software Cluster Management Protocol DoS Vulnerability (cisco-sa-20180926-cmp)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IOS is affected
by one or more vulnerabilities. Please see the included Cisco BIDs
and the Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a1a387f");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg48576");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvg48576.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0475");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/26");
script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/05");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_version.nasl");
script_require_keys("Host/Cisco/IOS/Version");
exit(0);
}
include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");
product_info = cisco::get_product_info(name:"Cisco IOS");
version_list = make_list(
"12.2(22)S",
"12.2(20)S",
"12.2(18)S",
"12.2(25)S",
"12.2(20)S2a",
"12.2(20)S4a",
"12.2(20)S5",
"12.2(18)S1",
"12.2(20)S4",
"12.2(18)S2",
"12.2(18)S4",
"12.2(25)S2",
"12.2(20)S2",
"12.2(18)S3",
"12.2(20)S6",
"12.2(20)S3",
"12.2(25)S1",
"12.2(20)S1",
"12.1(9)EX",
"12.1(22)EA8",
"12.1(20)EA1b",
"12.1(11)EA1a",
"12.1(22)EA12",
"12.1(22)EA6",
"12.1(14)EA1",
"12.1(9)EA1d",
"12.1(19)EA1b",
"12.1(22)EA3",
"12.1(14)EA1b",
"12.1(20)EA2",
"12.1(22)EA4a",
"12.1(8)EA1b",
"12.1(14)EA1a",
"12.1(22)EA5a",
"12.1(22)EA13",
"12.1(22)EA1a",
"12.1(12c)EA1a",
"12.1(13)EA1c",
"12.1(22)EA1b",
"12.1(8)EA1c",
"12.1(22)EA5",
"12.1(22)EA10b",
"12.1(6)EA2a",
"12.1(20)EA1a",
"12.1(22)EA11",
"12.1(22)EA7",
"12.1(6)EA2",
"12.1(9)EA1a",
"12.1(22)EA1",
"12.1(13)EA1b",
"12.1(20)EA1",
"12.1(13)EA1",
"12.1(9)EA1c",
"12.1(6)EA1a",
"12.1(19)EA1a",
"12.1(22)EA2",
"12.1(19)EA1d",
"12.1(22)EA9",
"12.1(6)EA2b",
"12.1(9)EA1",
"12.1(22)EA14",
"12.1(6)EA2c",
"12.1(11)EA1",
"12.1(22)EA8a",
"12.1(12c)EA1",
"12.1(22)EA10a",
"12.1(19)EA1",
"12.1(19)EA1c",
"12.1(6)EA1",
"12.1(22)EA10",
"12.1(22)EA4",
"12.1(13)EA1a",
"12.1(22)EA6a",
"12.2(14)SZ",
"12.2(14)SZ5",
"12.2(14)SZ6",
"12.2(14)SZ3",
"12.2(14)SZ4",
"12.2(14)SZ1",
"12.2(14)SZ2",
"12.2(25)EW",
"12.2(20)EWA",
"12.2(25)EWA",
"12.2(25)EWA6",
"12.2(25)EWA5",
"12.2(25)EWA1",
"12.2(25)EWA10",
"12.2(25)EWA8",
"12.2(20)EWA1",
"12.2(25)EWA11",
"12.2(25)EWA9",
"12.2(25)EWA2",
"12.2(25)EWA14",
"12.2(25)EWA4",
"12.2(20)EWA3",
"12.2(25)EWA3",
"12.2(25)EWA7",
"12.2(20)EWA4",
"12.2(25)EWA12",
"12.2(25)EWA13",
"12.2(20)EWA2",
"12.2(35)SE",
"12.2(18)SE",
"12.2(20)SE",
"12.2(25)SE",
"12.2(37)SE",
"12.2(53)SE1",
"12.2(55)SE",
"12.2(25)SE2",
"12.2(40)SE2",
"12.2(46)SE",
"12.2(46)SE2",
"12.2(50)SE2",
"12.2(35)SE5",
"12.2(50)SE1",
"12.2(44)SE2",
"12.2(20)SE3",
"12.2(35)SE1",
"12.2(50)SE5",
"12.2(44)SE1",
"12.2(53)SE",
"12.2(37)SE1",
"12.2(25)SE3",
"12.2(35)SE3",
"12.2(44)SE4",
"12.2(55)SE3",
"12.2(55)SE2",
"12.2(40)SE",
"12.2(44)SE",
"12.2(52)SE",
"12.2(58)SE",
"12.2(50)SE3",
"12.2(55)SE1",
"12.2(35)SE2",
"12.2(18)SE1",
"12.2(40)SE1",
"12.2(20)SE1",
"12.2(44)SE6",
"12.2(44)SE3",
"12.2(53)SE2",
"12.2(52)SE1",
"12.2(46)SE1",
"12.2(20)SE2",
"12.2(54)SE",
"12.2(44)SE5",
"12.2(50)SE4",
"12.2(50)SE",
"12.2(20)SE4",
"12.2(58)SE1",
"12.2(55)SE4",
"12.2(58)SE2",
"12.2(55)SE5",
"12.2(55)SE6",
"12.2(55)SE7",
"12.2(55)SE8",
"12.2(55)SE9",
"12.2(55)SE10",
"12.2(55)SE11",
"12.2(55)SE12",
"12.1(14)AZ",
"12.2(20)EU",
"12.2(20)EU1",
"12.2(20)EU2",
"12.2(20)EX",
"12.2(44)EX",
"12.2(40)EX3",
"12.2(40)EX",
"12.2(52)EX",
"12.2(44)EX1",
"12.2(40)EX2",
"12.2(40)EX1",
"12.2(55)EX",
"12.2(46)EX",
"12.2(52)EX1",
"12.2(55)EX1",
"12.2(55)EX2",
"12.2(55)EX3",
"12.2(58)EX",
"12.2(25)SEB",
"12.2(25)SEB2",
"12.2(25)SEB1",
"12.2(25)SEB4",
"12.2(25)SEB3",
"12.2(25)SEA",
"12.2(25)EY",
"12.2(46)EY",
"12.2(55)EY",
"12.2(25)EY1",
"12.2(53)EY",
"12.2(25)EY3",
"12.2(37)EY",
"12.2(25)EY2",
"12.2(25)EY4",
"12.2(25)EZ",
"12.2(25)EZ1",
"12.2(58)EZ",
"12.2(53)EZ",
"12.2(55)EZ",
"12.2(60)EZ4",
"12.2(60)EZ5",
"12.2(25)SEC",
"12.2(25)SEC2",
"12.2(25)SEC1",
"12.2(31)SG",
"12.2(25)SG",
"12.2(37)SG",
"12.2(44)SG",
"12.2(50)SG3",
"12.2(31)SG1",
"12.2(31)SG3",
"12.2(50)SG6",
"12.2(53)SG1",
"12.2(46)SG",
"12.2(25)SG1",
"12.2(53)SG2",
"12.2(50)SG5",
"12.2(37)SG1",
"12.2(53)SG3",
"12.2(50)SG8",
"12.2(25)SG3",
"12.2(50)SG2",
"12.2(40)SG",
"12.2(25)SG2",
"12.2(54)SG1",
"12.2(44)SG1",
"12.2(50)SG1",
"12.2(52)SG",
"12.2(54)SG",
"12.2(31)SG2",
"12.2(50)SG",
"12.2(25)SG4",
"12.2(50)SG7",
"12.2(53)SG4",
"12.2(50)SG4",
"12.2(46)SG1",
"12.2(53)SG5",
"12.2(53)SG6",
"12.2(53)SG7",
"12.2(53)SG8",
"12.2(53)SG9",
"12.2(53)SG10",
"12.2(53)SG11",
"12.2(25)FX",
"12.2(25)FY",
"12.2(25)SEF",
"12.2(25)SEF1",
"12.2(25)SEF2",
"12.2(25)SEF3",
"12.2(25)SEE",
"12.2(25)SEE1",
"12.2(25)SEE3",
"12.2(25)SEE4",
"12.2(25)SEE2",
"12.2(25)SED",
"12.2(25)SED1",
"12.2(31)SGA",
"12.2(31)SGA3",
"12.2(31)SGA2",
"12.2(31)SGA10",
"12.2(31)SGA5",
"12.2(31)SGA4",
"12.2(31)SGA11",
"12.2(31)SGA6",
"12.2(31)SGA1",
"12.2(31)SGA7",
"12.2(31)SGA8",
"12.2(31)SGA9",
"12.2(25)SEG",
"12.2(25)SEG1",
"12.2(25)SEG3",
"12.2(25)FZ",
"12.2(52)XO",
"12.2(54)XO",
"12.2(40)XO",
"12.2(44)SQ",
"12.2(44)SQ2",
"12.2(50)SQ2",
"12.2(50)SQ1",
"12.2(50)SQ",
"12.2(50)SQ3",
"12.2(50)SQ4",
"12.2(50)SQ5",
"12.2(50)SQ6",
"12.2(50)SQ7",
"15.0(1)XO1",
"15.0(1)XO",
"15.0(2)XO",
"15.0(1)EY",
"15.0(1)EY1",
"15.0(1)EY2",
"15.0(2)EY",
"15.0(2)EY1",
"15.0(2)EY2",
"15.0(2)EY3",
"12.2(54)WO",
"12.2(27)SBK9",
"15.0(1)SE",
"15.0(2)SE",
"15.0(1)SE1",
"15.0(1)SE2",
"15.0(1)SE3",
"15.0(2)SE1",
"15.0(2)SE2",
"15.0(2)SE3",
"15.0(2)SE4",
"15.0(2)SE5",
"15.0(2)SE6",
"15.0(2)SE7",
"15.0(2)SE8",
"15.0(2)SE9",
"15.0(2a)SE9",
"15.0(2)SE10",
"15.0(2)SE11",
"15.0(2)SE10a",
"15.1(1)SG",
"15.1(2)SG",
"15.1(1)SG1",
"15.1(1)SG2",
"15.1(2)SG1",
"15.1(2)SG2",
"15.1(2)SG3",
"15.1(2)SG4",
"15.1(2)SG5",
"15.1(2)SG6",
"15.1(2)SG7",
"15.1(2)SG8",
"15.1(2)SG8a",
"15.0(2)SG",
"15.0(2)SG1",
"15.0(2)SG2",
"15.0(2)SG3",
"15.0(2)SG4",
"15.0(2)SG5",
"15.0(2)SG6",
"15.0(2)SG7",
"15.0(2)SG8",
"15.0(2)SG9",
"15.0(2)SG10",
"15.0(2)SG11",
"15.0(2)EX",
"15.0(2)EX1",
"15.0(2)EX2",
"15.0(2)EX3",
"15.0(2)EX4",
"15.0(2)EX5",
"15.0(2)EX6",
"15.0(2)EX7",
"15.0(2)EX8",
"15.0(2a)EX5",
"15.0(2)EX10",
"15.0(2)EX11",
"15.0(2)EX13",
"15.0(2)EX12",
"15.2(1)E",
"15.2(2)E",
"15.2(1)E1",
"15.2(3)E",
"15.2(1)E2",
"15.2(1)E3",
"15.2(2)E1",
"15.2(2b)E",
"15.2(4)E",
"15.2(3)E1",
"15.2(2)E2",
"15.2(2a)E1",
"15.2(2)E3",
"15.2(2a)E2",
"15.2(3)E2",
"15.2(3a)E",
"15.2(3)E3",
"15.2(3m)E2",
"15.2(4)E1",
"15.2(2)E4",
"15.2(2)E5",
"15.2(4)E2",
"15.2(4m)E1",
"15.2(3)E4",
"15.2(5)E",
"15.2(3m)E7",
"15.2(4)E3",
"15.2(2)E6",
"15.2(5a)E",
"15.2(5)E1",
"15.2(5b)E",
"15.2(4m)E3",
"15.2(3m)E8",
"15.2(2)E5a",
"15.2(5c)E",
"15.2(3)E5",
"15.2(2)E5b",
"15.2(4n)E2",
"15.2(4o)E2",
"15.2(5a)E1",
"15.2(4)E4",
"15.2(2)E7",
"15.2(5)E2",
"15.2(4p)E1",
"15.2(6)E",
"15.2(5)E2b",
"15.2(4)E5",
"15.2(5)E2c",
"15.2(4m)E2",
"15.2(4o)E3",
"15.2(4q)E1",
"15.2(6)E0a",
"15.2(2)E7b",
"15.2(4)E5a",
"15.2(6)E0c",
"15.2(4s)E1",
"15.0(2)EZ",
"15.2(2)SC1",
"15.2(2)SC3",
"15.2(2)SC4",
"15.2(1)EY",
"15.0(2)EJ",
"15.0(2)EJ1",
"15.2(5)EX",
"15.2(2)EB",
"15.2(2)EB1",
"15.2(2)EB2",
"15.2(2)EA",
"15.2(2)EA1",
"15.2(2)EA2",
"15.2(3)EA",
"15.2(3)EA1",
"15.2(4)EA",
"15.2(4)EA1",
"15.2(2)EA3",
"15.2(4)EA3",
"15.2(5)EA",
"15.2(4)EA4",
"15.2(4)EA2",
"15.2(4)EA5",
"15.2(4a)EA5",
"15.2(4)EA6",
"15.0(2)SQD",
"15.0(2)SQD1",
"15.0(2)SQD2",
"15.0(2)SQD3",
"15.0(2)SQD4",
"15.0(2)SQD5",
"15.0(2)SQD6",
"15.0(2)SQD7",
"15.0(2)SQD8",
"15.6(2)SP6",
"15.2(4)EC1",
"15.2(4)EC2",
"15.1(3)SVK4b",
"15.1(3)SVO2",
"12.2(6)I1"
);
workarounds = make_list(CISCO_WORKAROUNDS['cluster']);
workaround_params = {'is_member' : 1};
reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , "CSCvg48576",
'cmds' , make_list("show running-config")
);
cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);
Related
prion
prion
Input validation
2018-10-05 14:29:00
nessus
nessus
cvelist
cvelist
cve
cve
CVE-2018-0475
2018-10-05 14:29:05
nvd
nvd
CVE-2018-0475
2018-10-05 14:29:05
cisco
cisco
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
7.4 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
44.1%
Related for CISCO-SA-20180926-CMP-IOS.NASL