Cisco IOS Denial of Service Vulnerability (cisco-sa-20190925-sip-dos)

#TRUSTED abd1d5a8a60a8ac82393dd0485dd51e186e1eb67c3e0c60299c05ad3f5e7bb3497f267ffe81f89435e9254d7baae165f0c685fc7600def9f8dc486dde9b0f04abe1ca24574f0a93b5af1b11f3776b7b42bed85caf8a900139b30f623e5e70d8d3dcf023b0ef0634f5d05cad2e9e797b53740d839e3103ceb5079b964c917c3a7117d1b79f005697cde5caeb3108994356585d5886a09ce0b01fcf3b338821298bd62e8a20567bb1b68dd5a60d56c6b2115468af7570e50f764b7939a4f3d42931c7185daed814cf02249494f24ca24e529916a650305032704ed898d2ec3e1279033f958ceb0511115d84df27ff1098345b7397c2e0557509366279a42c4678291cce78216d5ed90382f6a3db5fe597e7df4c09922b12b6c3c8318b23ac6b6f932802d51e136c681a7a563a1c8a9cb0418e4b4a19ef3eb0d4349667d5fa27cad33907f4865d4ff5b56d3b2bf2368c37568e66dff6ffcea5f080885e630fc2e2371acf41b62a2b8c4609ed79a467614de723624e048095aa4d20336557d13525974de14c6457892773519e697682f25038f8b7a6b49d5060068b4a043fa73841af13ab8dd971c9efe77b72848a69ea6be7becf88f91f5f1b6ab7983a5cc95be0e8ae6de7b603d14915afb000b330725bb97081ce2c9e2f4852930dccad29ca59ca787bdacd4912c19d284e62adc25f139e67d978c7cfa8efa30d0c982017a13c5
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(129694);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/24");

  script_cve_id("CVE-2019-12654");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvn00218");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190925-sip-dos");
  script_xref(name:"IAVA", value:"2019-A-0354-S");

  script_name(english:"Cisco IOS Denial of Service Vulnerability (cisco-sa-20190925-sip-dos)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"A denial of service (DoS) vulnerability exists in the Session 
  Initiation Protocol (SIP) component of Cisco IOS due to insufficient checks on an internal data structure which 
  is populated with user submitted data. An unauthenticated, remote attacker can exploit this issue to force a restart
  of the system.");
  # https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn00218
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6e59804f");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0995245");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)CSCvn00218.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12654");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(476);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/08");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include('ccf.inc');
include('cisco_workarounds.inc');

product_info = cisco::get_product_info(name:'Cisco IOS');

version_list = make_list(
  '15.0(1)XA2',
  '15.0(1)XA4',
  '15.0(1)XA1',
  '15.0(1)XA3',
  '15.0(1)XA',
  '15.0(1)XA5',
  '15.1(2)T',
  '15.1(1)T4',
  '15.1(3)T2',
  '15.1(1)T1',
  '15.1(2)T0a',
  '15.1(3)T3',
  '15.1(1)T3',
  '15.1(2)T3',
  '15.1(2)T4',
  '15.1(1)T2',
  '15.1(3)T',
  '15.1(2)T2a',
  '15.1(3)T1',
  '15.1(1)T',
  '15.1(2)T2',
  '15.1(2)T1',
  '15.1(2)T5',
  '15.1(3)T4',
  '15.1(1)T5',
  '15.1(1)XB',
  '15.1(1)XB3',
  '15.1(1)XB1',
  '15.1(1)XB2',
  '15.1(4)XB4',
  '15.1(4)XB5',
  '15.1(4)XB6',
  '15.1(4)XB5a',
  '15.1(4)XB7',
  '15.1(4)XB8',
  '15.1(4)XB8a',
  '15.0(1)S2',
  '15.0(1)S1',
  '15.0(1)S',
  '15.0(1)S3a',
  '15.0(1)S4',
  '15.0(1)S5',
  '15.0(1)S4a',
  '15.0(1)S6',
  '15.2(1)S',
  '15.2(2)S',
  '15.2(1)S1',
  '15.2(4)S',
  '15.2(1)S2',
  '15.2(2)S1',
  '15.2(2)S2',
  '15.2(2)S0a',
  '15.2(2)S0c',
  '15.2(2)S0d',
  '15.2(4)S1',
  '15.2(4)S4',
  '15.2(4)S6',
  '15.2(4)S2',
  '15.2(4)S5',
  '15.2(4)S3',
  '15.2(4)S0c',
  '15.2(4)S1c',
  '15.2(4)S3a',
  '15.2(4)S4a',
  '15.2(4)S7',
  '15.2(4)S8',
  '15.3(1)T',
  '15.3(2)T',
  '15.3(1)T1',
  '15.3(1)T2',
  '15.3(1)T3',
  '15.3(1)T4',
  '15.3(2)T1',
  '15.3(2)T2',
  '15.3(2)T3',
  '15.3(2)T4',
  '15.1(2)S',
  '15.1(1)S',
  '15.1(1)S1',
  '15.1(3)S',
  '15.1(1)S2',
  '15.1(2)S1',
  '15.1(2)S2',
  '15.1(3)S1',
  '15.1(3)S0a',
  '15.1(3)S2',
  '15.1(3)S4',
  '15.1(3)S3',
  '15.1(3)S5',
  '15.1(3)S6',
  '15.1(3)S5a',
  '15.1(3)S7',
  '15.1(4)M3',
  '15.1(4)M',
  '15.1(4)M1',
  '15.1(4)M2',
  '15.1(4)M6',
  '15.1(4)M5',
  '15.1(4)M4',
  '15.1(4)M0a',
  '15.1(4)M0b',
  '15.1(4)M7',
  '15.1(4)M3a',
  '15.1(4)M10',
  '15.1(4)M8',
  '15.1(4)M9',
  '15.1(4)M12a',
  '15.1(2)GC',
  '15.1(2)GC1',
  '15.1(2)GC2',
  '15.1(4)GC',
  '15.1(4)GC1',
  '15.1(4)GC2',
  '15.0(1)MR',
  '15.0(2)MR',
  '15.2(4)M',
  '15.2(4)M1',
  '15.2(4)M2',
  '15.2(4)M4',
  '15.2(4)M3',
  '15.2(4)M5',
  '15.2(4)M8',
  '15.2(4)M10',
  '15.2(4)M7',
  '15.2(4)M6',
  '15.2(4)M9',
  '15.2(4)M6b',
  '15.2(4)M6a',
  '15.2(4)M11',
  '15.2(1)GC',
  '15.2(1)GC1',
  '15.2(1)GC2',
  '15.2(2)GC',
  '15.2(3)GC',
  '15.2(3)GC1',
  '15.2(4)GC',
  '15.2(4)GC1',
  '15.2(4)GC2',
  '15.2(4)GC3',
  '15.3(1)S',
  '15.3(2)S',
  '15.3(3)S',
  '15.3(1)S2',
  '15.3(1)S1',
  '15.3(2)S2',
  '15.3(2)S1',
  '15.3(1)S1e',
  '15.3(3)S1',
  '15.3(3)S2',
  '15.3(3)S3',
  '15.3(3)S6',
  '15.3(3)S4',
  '15.3(3)S1a',
  '15.3(3)S5',
  '15.3(3)S2a',
  '15.3(3)S7',
  '15.3(3)S8',
  '15.3(3)S6a',
  '15.3(3)S9',
  '15.3(3)S10',
  '15.3(3)S8a',
  '15.4(1)T',
  '15.4(2)T',
  '15.4(1)T2',
  '15.4(1)T1',
  '15.4(1)T3',
  '15.4(2)T1',
  '15.4(2)T3',
  '15.4(2)T2',
  '15.4(1)T4',
  '15.4(2)T4',
  '15.1(3)MRA',
  '15.1(3)MRA1',
  '15.1(3)MRA2',
  '15.1(3)MRA3',
  '15.1(3)MRA4',
  '15.1(3)SVB1',
  '15.1(3)SVB2',
  '15.2(2)JB1',
  '15.2(2)JB',
  '15.2(2)JB2',
  '15.2(4)JB',
  '15.2(2)JB3',
  '15.2(4)JB1',
  '15.2(4)JB2',
  '15.2(4)JB3',
  '15.2(4)JB3a',
  '15.2(2)JB4',
  '15.2(4)JB4',
  '15.2(4)JB3h',
  '15.2(4)JB3b',
  '15.2(4)JB3s',
  '15.2(4)JB5h',
  '15.2(4)JB5',
  '15.2(4)JB5m',
  '15.2(4)JB6',
  '15.2(2)JB5',
  '15.2(2)JB6',
  '15.4(1)S',
  '15.4(2)S',
  '15.4(3)S',
  '15.4(1)S1',
  '15.4(1)S2',
  '15.4(2)S1',
  '15.4(1)S3',
  '15.4(3)S1',
  '15.4(2)S2',
  '15.4(3)S2',
  '15.4(3)S3',
  '15.4(1)S4',
  '15.4(2)S3',
  '15.4(2)S4',
  '15.4(3)S0d',
  '15.4(3)S4',
  '15.4(3)S0e',
  '15.4(3)S5',
  '15.4(3)S0f',
  '15.4(3)S6',
  '15.4(3)S7',
  '15.4(3)S6a',
  '15.4(3)S8',
  '15.4(3)S9',
  '15.4(3)S10',
  '15.2(2)JAX',
  '15.2(2)JAX1',
  '15.3(3)M',
  '15.3(3)M1',
  '15.3(3)M2',
  '15.3(3)M3',
  '15.3(3)M5',
  '15.3(3)M4',
  '15.3(3)M6',
  '15.3(3)M7',
  '15.3(3)M8',
  '15.3(3)M9',
  '15.3(3)M10',
  '15.3(3)M8a',
  '15.2(4)JN',
  '15.2(1)SC1a',
  '15.2(2)SC',
  '15.2(2)SC1',
  '15.2(2)SC3',
  '15.2(2)SC4',
  '15.1(3)SVD',
  '15.1(3)SVD1',
  '15.1(3)SVD2',
  '15.1(3)SVD3',
  '15.1(3)SVF',
  '15.1(3)SVF1',
  '15.1(3)SVF2',
  '15.1(3)SVF2a',
  '15.1(3)SVF4b',
  '15.1(3)SVF4d',
  '15.1(3)SVF4e',
  '15.1(3)SVF4f',
  '15.1(3)SVF4c',
  '15.1(3)SVE',
  '15.4(3)M',
  '15.4(3)M1',
  '15.4(3)M2',
  '15.4(3)M3',
  '15.4(3)M4',
  '15.4(3)M5',
  '15.4(3)M6',
  '15.4(3)M7',
  '15.4(3)M6a',
  '15.4(3)M7a',
  '15.4(3)M8',
  '15.4(3)M9',
  '15.4(3)M10',
  '15.2(1)SD1',
  '15.2(1)SD2',
  '15.2(1)SD3',
  '15.2(1)SD4',
  '15.2(1)SD6',
  '15.2(1)SD6a',
  '15.2(1)SD7',
  '15.2(1)SD8',
  '15.2(4)JAZ',
  '15.2(4)JAZ1',
  '15.3(3)XB12',
  '15.4(1)CG',
  '15.4(1)CG1',
  '15.4(2)CG',
  '15.5(1)S',
  '15.5(2)S',
  '15.5(1)S1',
  '15.5(3)S',
  '15.5(1)S2',
  '15.5(1)S3',
  '15.5(2)S1',
  '15.5(2)S2',
  '15.5(3)S1',
  '15.5(3)S1a',
  '15.5(2)S3',
  '15.5(3)S2',
  '15.5(3)S0a',
  '15.5(3)S3',
  '15.5(1)S4',
  '15.5(2)S4',
  '15.5(3)S4',
  '15.5(3)S5',
  '15.5(3)S6',
  '15.5(3)S6a',
  '15.5(3)S7',
  '15.5(3)S6b',
  '15.5(3)S8',
  '15.5(3)S9',
  '15.1(3)SVG',
  '15.1(3)SVG2',
  '15.1(3)SVG3',
  '15.1(3)SVG1b',
  '15.1(3)SVG1c',
  '15.1(3)SVG3a',
  '15.1(3)SVG3b',
  '15.1(3)SVG3c',
  '15.1(3)SVG2a',
  '15.1(3)SVG1a',
  '15.5(1)T',
  '15.5(1)T1',
  '15.5(2)T',
  '15.5(1)T2',
  '15.5(1)T3',
  '15.5(2)T1',
  '15.5(2)T2',
  '15.5(2)T3',
  '15.5(2)T4',
  '15.5(1)T4',
  '15.4(2)SN',
  '15.4(2)SN1',
  '15.4(3)SN1',
  '15.4(3)SN1a',
  '15.3(3)JN',
  '15.3(3)JN1',
  '15.3(3)JN2',
  '15.3(3)JN3',
  '15.3(3)JN4',
  '15.3(3)JN6',
  '15.3(3)JN7',
  '15.3(3)JN8',
  '15.3(3)JN9',
  '15.3(3)JN11',
  '15.3(3)JN13',
  '15.3(3)JN14',
  '15.3(3)JN15',
  '15.1(3)SVH',
  '15.1(3)SVH2',
  '15.1(3)SVH4',
  '15.1(3)SVH4a',
  '15.5(3)M',
  '15.5(3)M1',
  '15.5(3)M0a',
  '15.5(3)M2',
  '15.5(3)M2a',
  '15.5(3)M3',
  '15.5(3)M4',
  '15.5(3)M4a',
  '15.5(3)M5',
  '15.5(3)M4b',
  '15.5(3)M4c',
  '15.5(3)M6',
  '15.5(3)M5a',
  '15.5(3)M7',
  '15.5(3)M6a',
  '15.5(3)M8',
  '15.5(3)M9',
  '15.3(3)JA',
  '15.3(3)JA1n',
  '15.3(3)JA1m',
  '15.3(3)JA1',
  '15.3(3)JA2',
  '15.3(3)JA3',
  '15.3(3)JA4',
  '15.3(3)JA5',
  '15.3(3)JA6',
  '15.3(3)JA7',
  '15.3(3)JA8',
  '15.3(3)JA10',
  '15.3(3)JA11',
  '15.3(3)JA12',
  '15.3(3)JAA',
  '15.3(3)JAA11',
  '15.3(3)JAA1',
  '15.3(3)JAA12',
  '15.3(3)JAB',
  '15.3(3)JB',
  '15.5(1)SN',
  '15.5(1)SN1',
  '15.5(2)SN',
  '15.5(3)SN0a',
  '15.5(3)SN',
  '15.6(1)S',
  '15.6(2)S',
  '15.6(2)S1',
  '15.6(1)S1',
  '15.6(1)S2',
  '15.6(2)S2',
  '15.6(1)S3',
  '15.6(2)S3',
  '15.6(1)S4',
  '15.6(2)S4',
  '15.1(3)SVI2',
  '15.1(3)SVI1a',
  '15.1(3)SVI2a',
  '15.1(3)SVI3',
  '15.1(3)SVI31a',
  '15.1(3)SVI31b',
  '15.1(3)SVI3b',
  '15.1(3)SVI3c',
  '15.6(1)T',
  '15.6(2)T',
  '15.6(1)T0a',
  '15.6(1)T1',
  '15.6(2)T1',
  '15.6(1)T2',
  '15.6(2)T0a',
  '15.6(2)T2',
  '15.6(1)T3',
  '15.6(2)T3',
  '15.3(3)JNB',
  '15.3(3)JNB1',
  '15.3(3)JNB2',
  '15.3(3)JNB3',
  '15.3(3)JNB4',
  '15.3(3)JNB6',
  '15.3(3)JNB5',
  '15.3(3)JAX',
  '15.3(3)JAX1',
  '15.3(3)JAX2',
  '15.3(3)JBB',
  '15.3(3)JBB1',
  '15.3(3)JBB2',
  '15.3(3)JBB4',
  '15.3(3)JBB5',
  '15.3(3)JBB6',
  '15.3(3)JBB8',
  '15.3(3)JBB6a',
  '15.3(3)JC',
  '15.3(3)JC1',
  '15.3(3)JC2',
  '15.3(3)JC3',
  '15.3(3)JC4',
  '15.3(3)JC5',
  '15.3(3)JC6',
  '15.3(3)JC8',
  '15.3(3)JC9',
  '15.3(3)JC14',
  '15.3(3)JNC',
  '15.3(3)JNC1',
  '15.3(3)JNC2',
  '15.3(3)JNC3',
  '15.3(3)JNC4',
  '15.3(3)JNP',
  '15.3(3)JNP1',
  '15.3(3)JNP3',
  '15.5(2)XB',
  '15.6(2)SP',
  '15.6(2)SP1',
  '15.6(2)SP2',
  '15.6(2)SP3',
  '15.6(2)SP4',
  '15.6(2)SP3b',
  '15.6(2)SP5',
  '15.6(2)SP6',
  '15.6(1)SN',
  '15.6(1)SN1',
  '15.6(2)SN',
  '15.6(1)SN2',
  '15.6(1)SN3',
  '15.6(3)SN',
  '15.6(4)SN',
  '15.6(5)SN',
  '15.6(6)SN',
  '15.6(7)SN',
  '15.6(7)SN1',
  '15.3(3)JPB',
  '15.3(3)JPB1',
  '15.3(3)JD',
  '15.3(3)JD2',
  '15.3(3)JD3',
  '15.3(3)JD4',
  '15.3(3)JD5',
  '15.3(3)JD6',
  '15.3(3)JD7',
  '15.3(3)JD8',
  '15.3(3)JD9',
  '15.3(3)JD11',
  '15.3(3)JD12',
  '15.3(3)JD13',
  '15.3(3)JD14',
  '15.3(3)JD16',
  '15.3(3)JD17',
  '15.6(3)M',
  '15.6(3)M1',
  '15.6(3)M0a',
  '15.6(3)M1a',
  '15.6(3)M1b',
  '15.6(3)M2',
  '15.6(3)M2a',
  '15.6(3)M3',
  '15.6(3)M3a',
  '15.6(3)M4',
  '15.6(3)M5',
  '15.6(3)M6',
  '15.6(3)M6a',
  '15.6(3)M6b',
  '15.1(3)SVJ',
  '15.1(3)SVJ2',
  '15.3(3)JPC',
  '15.3(3)JPC1',
  '15.3(3)JPC2',
  '15.3(3)JPC3',
  '15.3(3)JPC5',
  '15.3(3)JND',
  '15.3(3)JND1',
  '15.3(3)JND2',
  '15.3(3)JND3',
  '15.3(3)JE',
  '15.3(3)JPD',
  '15.3(3)JDA7',
  '15.3(3)JDA8',
  '15.3(3)JDA9',
  '15.3(3)JDA11',
  '15.3(3)JDA12',
  '15.3(3)JDA13',
  '15.3(3)JDA14',
  '15.3(3)JDA16',
  '15.3(3)JDA17',
  '15.3(3)JF',
  '15.3(3)JF1',
  '15.3(3)JF2',
  '15.3(3)JF4',
  '15.3(3)JF5',
  '15.3(3)JF6',
  '15.3(3)JF7',
  '15.3(3)JF8',
  '15.3(3)JF9',
  '15.3(3)JCA7',
  '15.3(3)JCA8',
  '15.3(3)JCA9',
  '15.7(3)M',
  '15.7(3)M1',
  '15.7(3)M0a',
  '15.7(3)M3',
  '15.7(3)M2',
  '15.7(3)M4',
  '15.7(3)M4a',
  '15.7(3)M4b',
  '15.3(3)JG',
  '15.3(3)JG1',
  '15.3(3)JH',
  '15.3(3)JH1',
  '15.3(3)JI1',
  '15.3(3)JI3',
  '15.3(3)JI4',
  '15.8(3)M',
  '15.8(3)M1',
  '15.8(3)M0a',
  '15.8(3)M0b',
  '15.8(3)M2',
  '15.8(3)M1a',
  '15.8(3)M2a',
  '15.3(3)JJ',
  '15.1(3)SVR'
);

workarounds = make_list(CISCO_WORKAROUNDS['show_processes']);
workaround_params = {'pat' : 'CCSIP_SPI_CONTRO'};

reporting = make_array(
  'port'     , product_info['port'],
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvn00218',
  'cmds'     , make_list('show processes')
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);