7.4 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#TRUSTED a64e09a82fe1e72b849c79d21527ab02fe0c0242002f036ae8b3c2fd144cc89c8cf82e4c64d210f42ca4ab402f2b0491d805dbf5276b32e6b31fef76dfeb3ce5701713a7a77c5ec10366088c548f7a6b6d4fc458bf3b54b2b68f3617ef0d9ce9621675e10a8f1b2bf5309fc7de457f3f89e395a8ae563562edbf0dca3217e1c1ac3351e9876df29571555ae4cd9d333dd612f7568e3a30148060324677b890647177cdc5d5cc1e184ddf6569eda5b87ba11ec6dd5c6c8b6f4cdba9726dc24083161ec80c36c75523cb33b71d85863dca009b56edee9041dc006bce6c226ae511dd9fcd86ee9de2ea5bdc0ee017acb9bd429a0edc5ed20f95e1115a330c5b6422dd4b8f1b6b33d8cb9f89f8b98e189c27922b1bcfb437b10714bf5428e9360937dcfce1c1f08e55e167389d3cc0a5140ce09672a04fe778593b3210e8698fb09e664e9f085cefe84d8ac14e58168d765705ee892ff0bb9eec951331575e198ec99d5be72b1271d0e4d210cfa2c8bc3ce0225a2af5752255e9eedea53b706cbc0e4bc65cf33a146010efa487b72369e67ec1f71f9be3e4202d1e8c68c43f5b81b5aac63da63c24e3b1e9407ebdee374a53cdb2995737c250d76c4f4d84df679f3eb20bf5498b5c6d584a47af252e7351696ada493e7c88276f4ff8168fd50306c618a3f56cdff401da73a4d34686692c4157e25f53f521835a9defce5cb738fe51
#TRUST-RSA-SHA256 12a6019876aba2393470a166fa2c9346c20fa4113158d88e645a8ee52b849a7364880c3b5dbf5087268607075b058445b9853f5d31bb23972ff54a48899dd33f579992b7f21d6a879a67948200d51d805b0a53e429175202344f82ab7b1f75b243fae568c95939063f8bf9a9ae96356c0d5aff125e718d4fadce8be722fb7380fead9a0aa70af203b70303929dcae8fd1ac87f4d57562ce06602122bb47eb0dd2982686dcae2be9989c3ac170bd80d2e1bef112dd563cd6a79d444557125952d33b60345ac390c5e67f359c3828f7dde2c0fae85b7b38eb1068d36388c54ea13740b45fa73fbaac306f711410b63f5b5d7d76d24d28dd86895d5db51329510ef8b905205fe52e12ee1a0a127d4d5c41f0ad833d99ac26f54fa257302d5b669512a0b53745297610b15ba59b030b994aa2f8fe55e773f474221f6580042b1fdb3d8ac7ca8486098fcc34a6e24c8356064815e0527990b2362c10320653be181694e23cb43476db49cee64ba91d3bb3b73748074d946b20fa7cd980b31534ef8b32a73ac03803f50361ae75540c9437d451bdf5e70cbb1c6ac420204f11715b9298d6de2e16522dfc471e4dc063398cd3d06cb5316a1b9a4925cab307ac2d2facd405a42f06a19fbd39bd4c97110a21f314969687146e5e9e843df1c8bcb7fdda995e1410fd044d797efdec52bbfdb0143431484b2f25df2a55160f3eeaa92ebf1
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(193264);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/12");
script_cve_id("CVE-2024-20313");
script_xref(name:"IAVA", value:"2024-A-0188");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf51268");
script_xref(name:"CISCO-SA", value:"cisco-sa-iosxe-ospf-dos-dR9Sfrxp");
script_name(english:"Cisco IOS XE Software OSPFv2 DoS (cisco-sa-iosxe-ospf-dos-dR9Sfrxp)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
- A vulnerability in the OSPF version 2 (OSPFv2) feature of Cisco IOS XE Software could allow an
unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a
denial of service (DoS) condition. This vulnerability is due to improper validation of OSPF updates that
are processed by a device. An attacker could exploit this vulnerability by sending a malformed OSPF
update to the device. A successful exploit could allow the attacker to cause the affected device to
reload, resulting in a DoS condition.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ospf-dos-dR9Sfrxp
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e3756ed0");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1da659d");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf51268");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwf51268");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20313");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/12");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var version_list=make_list(
'17.5.1',
'17.5.1a',
'17.5.1b',
'17.5.1c',
'17.6.1',
'17.6.1a',
'17.6.1w',
'17.6.1x',
'17.6.1y',
'17.6.1z',
'17.6.1z1',
'17.6.2',
'17.6.3',
'17.6.3a',
'17.6.4',
'17.6.5',
'17.6.5a',
'17.7.1',
'17.7.1a',
'17.7.1b',
'17.7.2',
'17.8.1',
'17.8.1a',
'17.9.1',
'17.9.1a',
'17.9.1w',
'17.9.1x',
'17.9.1x1',
'17.9.1y',
'17.9.1y1',
'17.9.2',
'17.9.2a',
'17.9.3',
'17.9.3a',
'17.10.1',
'17.10.1a',
'17.10.1b',
'17.11.1',
'17.11.1a',
'17.11.99SW'
);
var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = [
WORKAROUND_CONFIG['ospf_link-state_distribution_enabled']
];
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_WARNING,
'version' , product_info['version'],
'cmds' , make_list('show running-config'),
'bug_id' , 'CSCwf51268'
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
7.4 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%