nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-20181003-FP-SMB-SNORT.NASL
HistoryJan 28, 2021 - 12:00 a.m.

Cisco Firepower System Software Detection Engine DoS (cisco-sa-20181003-fp-smb-snort)

2021-01-2800:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
cisco firepower system software
denial of service
smbv2
smbv3
remote attack
system memory depletion

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.2%

According to its self-reported version, Cisco (FTD) Software is affected by a Denial of Service (DoS) vulnerability within the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation due to incorrect header validation. An unauthenticated, remote attacker can cause the device to run low on system memory, possibly preventing the device from forwarding traffic.

Please see the included Cisco BIDs and Cisco Security Advisory for more information

#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

# Description phase: when the plugin is run with `description` set, only the
# metadata below is registered and the script exits at the end of this block,
# so none of the model or version checks further down are executed here.
if (description)
{
  script_id(145537);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/29");

  # Identifiers that tie a finding back to the vendor advisory and bug record.
  script_cve_id("CVE-2018-0455");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvg28189");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20181003-fp-smb-snort");

  script_name(english:"Cisco Firepower System Software Detection Engine DoS (cisco-sa-20181003-fp-smb-snort)");

  # The description states that the result rests on the self-reported version:
  # a finding means "version falls in an affected range", not that the DoS
  # condition was exercised against the device.
  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco (FTD) Software is affected by a Denial of Service (DoS) 
vulnerability within the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation 
due to incorrect header validation. An an unauthenticated, remote attacker can cause the device to run low 
on system memory, possibly preventing the device from forwarding traffic.

Please see the included Cisco BIDs and Cisco Security Advisory for more information");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort
  # NOTE(review): the first see_also is a plain-http short link; the full
  # advisory URL it is meant to stand for is the one in the comment above.
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f3e0d812");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg28189");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvg28189.");
  # Scoring: both base vectors describe a network-reachable, unauthenticated
  # issue with availability as the only impact (A:P in v2, A:H in v3); the
  # scores are attributed to CVE-2018-0455.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0455");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(19);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/28");

  # "local" plugin type: the check works from data already collected from the
  # host rather than from network probing by this script.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower_threat_defense");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling preconditions: the Firepower enumeration plugin is declared as
  # a dependency, and the FTD install key it is expected to set is required.
  # NOTE(review): a host where enumeration failed (for example, no working
  # credentials) produces no result from this plugin, which is not the same
  # as "not vulnerable" - confirm scan coverage separately.
  script_dependencies("cisco_enumerate_firepower.nbin");
  script_require_keys("installed_sw/Cisco Firepower Threat Defense");

  exit(0);
}

include('ccf.inc');

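// Model gate: read the product details and KB flags for this host, then
// decide whether the platform is one of the models this check covers.
// Hosts that match no model pattern are audited out before any version
// comparison takes place.
product_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');
upper_model = toupper(product_info['model']);
is_ASA = get_kb_item('Host/Cisco/ASA');
NGIPS = toupper(get_kb_item('Host/Cisco/Firepower'));

// Check Only Affected Models
// NOTE(review): the model patterns below are unanchored matches against a
// self-reported model string, so they can match more than the named series
// (for example, "[78][0-9]{3}" matches any four-digit run starting with 7 or
// 8, which also covers every model that check_amp matches when the host is
// not an ASA). Over-matching only widens the set of hosts that reach the
// version check; confirm the patterns against real model strings.

// Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
// Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
// guessing on this one from cisco datasheets & can't find in lab
check_amp = upper_model =~ "AMP[78][0-9]{3}($|[^0-9])";
// Firepower Threat Defense Virtual
check_ftdv = 'FTDV' >< upper_model;
// FirePOWER Threat Defense for Integrated Services Routers (ISRs)
check_isr = upper_model =~ "^ISR";
// Next-Generation Intrusion Prevention System (NGIPSv)
// Virtual Next-Generation Intrusion Prevention System (NGIPSv)
// Host/Cisco/Firepower=NGIPSv for VMware (69) Version 6.2.3 (Build 83)
check_ngips = "NGIPS" >< NGIPS;
// Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
// Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls
check_asa = upper_model =~ "ASA55[0-9][0-9]-X" && is_ASA;
// Firepower 2100 Series Security Appliances
// Firepower 4100 Series Security Appliances
check_fp1 = upper_model =~ "[24]1[0-9]{2}" && !is_ASA;
// FirePOWER 7000 Series Appliances
// FirePOWER 8000 Series Appliances
check_fp2 = upper_model =~ "[78][0-9]{3}" && !is_ASA;
// Firepower 9300 Series Security Appliances
check_fpsec = upper_model =~ "93[0-9]{2}" && !is_ASA;
// Industrial Ethernet 3000 Series Switches
check_ie = upper_model =~ "IE-3[0-9]{3}-";

// Audit out only when no model check matched. check_fpsec has to be part of
// this test: it was computed but never consulted, so a Firepower 9300 that
// matched no other pattern was reported as "not an affected model" and its
// version was never compared against the affected ranges (a false negative).
if (!check_amp &&
  !check_ftdv &&
  !check_isr &&
  !check_ngips &&
  !check_asa &&
  !check_fp1 &&
  !check_fp2 &&
  !check_fpsec &&
  !check_ie
  )
  audit(AUDIT_HOST_NOT, 'an affected model');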

# Version gate: each entry pairs the first release of an affected train with
# the release that carries the fix. How the bounds are compared is decided by
# cisco::check_and_report (presumably min_ver inclusive, fix_ver exclusive -
# confirm against ccf.inc).
# NOTE(review): releases below 6.0.0.0, and releases between one entry's
# fix_ver and the next entry's min_ver, fall outside every range listed here;
# verify that this matches the fixed-release table in the advisory.
affected_ranges = [
  {'min_ver' : '6.0.0.0',  'fix_ver' : '6.1.0.7'},
  {'min_ver' : '6.2.0.0',  'fix_ver' : '6.2.0.5'},
  {'min_ver' : '6.2.1.0',  'fix_ver' : '6.2.2.3'}
];

# Reporting options: port 0, warning severity, the version string taken from
# product_info, and the Cisco bug ID to cite in the report.
report_opts = {
  'port'           : 0,
  'severity'       : SECURITY_WARNING,
  'version'        : product_info['version'],
  'bug_id'         : 'CSCvg28189',
  'disable_caveat' : TRUE
};

# Hand the product details, the affected ranges and the reporting options to
# the shared Cisco helper, which does the comparison and emits the result.
cisco::check_and_report(
  product_info:product_info,
  reporting:report_opts,
  vuln_ranges:affected_ranges
);
