CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
25.0%
According to its self-reported version, the Cisco Firepower Threat Defense (FTD) software installed on the remote host is affected by a vulnerability in the Open Shortest Path First (OSPF) implementation due to incorrect processing of certain OSPF packets.
An unauthenticated, adjacent attacker can exploit this by sending a series of crafted LSA type 11 OSPF packet to an affected device, causing cause a reload of the affected device, resulting in a DoS.
Please see the included Cisco BID and Cisco Security Advisory for more information and how to determine whether OSPF routing is configured.
#TRUSTED 2a77e831cc7e0231e2deab222fdee3bd9e1cb5a800efe8d6b711ca50a29ca8c1dd9be3c02eb00c363979674ee6d14ec533e8d50f3fb7e85c393c71cd35c541ca6dfdcd9499f1512bb0ae491e43e8cd4a8496a9a9db69a1c4813e5296ddaf59d52026a83b683e6a891bddf491b75c5435bd8f263ed7bdc8a924e21b38e2559451df267d61bbf53bfe8bc8a52fe564c106a8a8e08280e350fb8a76566c98d815a990a736185dcd8880d51429e40b474bcd8bb44ede6c67727ed1846f1e290fd9403498ae02c4c5953ce03a5c6e7e813ebfe347d0c5b58831a4683678edc863c108f303594f8b3faadaa70b56cbc44a08f726d64dd9251de8537f6a76975320e6683d8f79eede8aee5494f0df4733912b78efce7c98be2b44ce9c535077e9c6e24c65e9888cf216de4ca72d63de821127fe3cea790ae1bb291b0ee01e9474d470374b888137590d189ce7690d8fe48998bee547acfbe515ef014abe5f4cf45a1e2fe6b818e2ea18ce2827089cee96d62857d14d5e1cc1abf294bd12495d2d90ebad98835a0f424e01facd9420d9daa78c5a8a3f53f9118853ee0cc796f6a643a15f5b280c267fea156f4924ec6003704cdf66c2c33be0856987f69bdad202b4d7173448afff6aa53f133945de9d433e8ab1e857c80a8580883da5a5a355729fae8f175559ec2c8dadd1fcd6095a7db26b68c20c0094f8196558b7fb693726f30b95
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(138025);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/03");
script_cve_id("CVE-2019-12676");
script_xref(name:"CISCO-BUG-ID", value:"CSCvp49790");
script_xref(name:"CISCO-SA", value:"cisco-sa-20191002-asa-ospf-lsa-dos");
script_name(english:"Cisco Firepower Threat Defense Software OSPF LSA Packets Processing DoS (cisco-sa-20191002-asa-ospf-lsa-dos)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco Firepower Threat
Defense (FTD) software installed on the remote host is affected
by a vulnerability in the Open Shortest Path First (OSPF)
implementation due to incorrect processing of certain OSPF packets.
An unauthenticated, adjacent attacker can exploit this by sending a
series of crafted LSA type 11 OSPF packet to an affected device,
causing cause a reload of the affected device, resulting in a DoS.
Please see the included Cisco BID and Cisco Security Advisory for more
information and how to determine whether OSPF routing is configured.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?192e9e54");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp49790");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvp49790");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12676");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/02");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/01");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower_threat_defense");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
script_require_keys("installed_sw/Cisco Firepower Threat Defense", "Settings/ParanoidReport");
exit(0);
}
include('ccf.inc');
# Advisory mentions a GUI config check - plugin is paranoid because it's not checking this
if (report_paranoia < 2) audit(AUDIT_PARANOID);
product_info = cisco::get_product_info(name:'Cisco Firepower Threat Defense');
vuln_ranges = [
{'min_ver' : '0', 'fix_ver' : '6.2.3.15'},
{'min_ver' : '6.3', 'fix_ver' : '6.3.0.4'},
{'min_ver' : '6.4', 'fix_ver' : '6.4.0.4'}
];
reporting = make_array(
'port' , 0,
'severity' , SECURITY_NOTE,
'version' , product_info['version'],
'bug_id' , 'CSCvp49790'
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges
);
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
25.0%