Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-ALG-DOS-KU9Z8KFX-IOSXE.NASLHistoryOct 07, 2022 - 12:00 a.m.
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway DoS (cisco-sa-alg-dos-KU9Z8kFX)
2022-10-0700:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
cisco
ios xe
dns
nat
alg
dos
vulnerability
tcp
packets
exploit
denial of service
bids
security advisory
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.5%
A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED a3145df7e28b962c4ebc45e49fe61b0d814a1bc4add2e80ad04e844b9241349d856ba1c5124adcb888234148b1ba244040d323270f26a92fb3a19dbd97260ce92e429fb650e5898482b868f144d6d96fc535195eb3092d65a35ec94d99efddffc59b7db7dd0fc0504030f7d191ad4715f1411d5e5d92cf8fff7e98336bf3c5c2ffb51901275d7b537d616529a864d5d62db91be92f6cdc1fb61e8c49155500aa40da208af57b46154cf5775f2735a45a25af906ca9f864c944fdc70521b96f07ebc76f0a12d85ca1fd6f45c3f014f0e77dc83ca493c83b46ab568516dd549bffd2b072bb39100e9082ab35a8642e5dba0833a70517c0d5ab48f7a584be1ce69de528f3226706e3f12213954990a6e8ad4a6b3671e15522153030f7ba7885c7a335f536bd2bb4a31405688de0bacf30f8b065d76cd761cf4fdb277339e7bd0995b9c036888b3fe6c67951e48f27f9f0e34aba2604299fb2c328ee152cd393fd09b70e45d0e0f74a45b35f479fb122424d0a600ee95fe4d0b09191af95dc21dd72d13df653858f2a5ed5026f60ce72aaa17b61b5d4ead1c1bb5e96b3d11839d21818cb588671ff4f6b3ccd4c6f82e3ffd6b94f897de06297ab0df44d776d9b6e70cf06d0457559e3ce27a5f03e41f7be110f40b3ad0c03159dbb3e17d8cb33a3e686aff45658f35bc93506442d9aa9f90c0829d1b5c716249234d7663ecfd2dce9
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(165762);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/10");
script_cve_id("CVE-2022-20837");
script_xref(name:"CISCO-BUG-ID", value:"CSCwa78096");
script_xref(name:"CISCO-SA", value:"cisco-sa-alg-dos-KU9Z8kFX");
script_xref(name:"IAVA", value:"2022-A-0390");
script_name(english:"Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway DoS (cisco-sa-alg-dos-KU9Z8kFX)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation
(NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
This vulnerability is due to a logic error that occurs when an affected device inspects certain TCP DNS packets. An
attacker could exploit this vulnerability by sending crafted DNS packets through the affected device that is
performing NAT for DNS packets. A successful exploit could allow the attacker to cause the device to reload, resulting
in a denial of service (DoS) condition on the affected device.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?89f41eff");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74745");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa78096");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwa78096");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20837");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/28");
script_set_attribute(attribute:"patch_publication_date", value:"2022/09/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/07");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version", "Host/Cisco/IOS-XE/Model");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var model = toupper(product_info.model);
# Vulnerable model list
if (model !~ "(ASR.*[12][0-9]{2}-X|Catalyst\s*C*8500-12X)")
audit(AUDIT_DEVICE_NOT_VULN, model);
var version_list=make_list(
'16.12.3',
'16.12.3a',
'16.12.3s',
'16.12.4',
'16.12.4a',
'16.12.5',
'16.12.5a',
'16.12.5b',
'16.12.6',
'16.12.6a',
'16.12.7',
'17.1.1',
'17.1.1a',
'17.1.1s',
'17.1.1t',
'17.1.2',
'17.1.3',
'17.2.1',
'17.2.1a',
'17.2.1r',
'17.2.1v',
'17.2.2',
'17.2.3',
'17.3.1',
'17.3.1a',
'17.3.1w',
'17.3.1x',
'17.3.1z',
'17.3.2',
'17.3.2a',
'17.3.3',
'17.3.3a',
'17.3.4',
'17.3.4a',
'17.3.4b',
'17.3.4c',
'17.3.5',
'17.3.5a',
'17.4.1',
'17.4.1a',
'17.4.1b',
'17.4.1c',
'17.4.2',
'17.4.2a',
'17.5.1',
'17.5.1a',
'17.6.1',
'17.6.1a',
'17.6.1w',
'17.6.1x',
'17.6.1y',
'17.6.2',
'17.6.3',
'17.6.3a',
'17.7.1',
'17.7.1a',
'17.7.1b',
'17.7.2',
'17.8.1',
'17.8.1a'
);
# note dns_alg_for_tcp regex all_absent while show_ip_nat_statistics regex is all_present
var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = [WORKAROUND_CONFIG['show_ip_nat_statistics'],
WORKAROUND_CONFIG['dns_alg_for_tcp'], {'require_all_generic_workarounds':TRUE}];
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCwa78096',
'cmds' , make_list('show ip nat statistics', 'show running-config | include ip nat service dns')
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
Related
cve
cve
CVE-2022-20837
2022-10-10 21:15:10
cnvd
cnvd
Cisco IOS XE Denial of Service Vulnerability
2022-09-30 00:00:00
cvelist
cvelist
cisco
cisco
nvd
nvd
CVE-2022-20837
2022-10-10 21:15:10
prion
prion
Design/Logic Flaw
2022-10-10 21:15:00
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
45.5%
Related for CISCO-SA-ALG-DOS-KU9Z8KFX-IOSXE.NASL