7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
47.3%
According to its self-reported version, Cisco IOS-XE Software is affected by a denial of service (DoS) vulnerability that exists in its implementation of the Public Key Infrastructure (RPKI) feature due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An unauthenticated remote attacker can exploit this issue via network to cause the Border Gateway Protocol (BGP) process to crash and restart constantly, potentially making BGP routing unstable.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED a7ef56ea4f42c5d75dbbda2f967fbdc2f2287cf2a89ecfc8dc882b486e71d65d6501d2aa4814cd7c2ac929f2c9b0fca9fa4060f726c9da5b3059abc3031104f282022413ef0e9bfc03ba8ee8d0259a766f61872257fa3c4715824d31a4b67b37c7afad4e030204e907363ee2712a0df8eeb62f80a311e09fa410efbcfd537f6ebe8710fd7ebfc5faa940c97c8801212811591f3a733b1fe27e9857c1102b5de3e27833b5493f97e872c526da316f462f87ea1f51e46c01cbec01224f494343203bb8e1e20a2968b42e5c2b1ee7a11208262fa46444ebfb2fe8eac028ae478456c4e5a34606a3fa162b4f5c287e4d3e648fe24f7d6654386c85bf545ba27a637ce5418a749a5beac111c54b165497506c757b45e8a5d2db0296f2780fa5246cd943a9b16b052f9d1c60e6473d077a8b5faea9180dac1b5d8646828ae2e519dfe28e160b3dbad7dd9cad3d2a23779ec6afbb7f7142f0662217d9427d31193d56bc67427a52d6702160b14e9d4ab1a4d66aeb5bb8e0200eef8ae65fd34fb32edeb78b8df0b0643ecd99ed201029d95bcd0c3953c697730f61b40bce6eb27314d3b6259f342d5259c04591b8b366ef2427bdb8df0687700a6df610b487216445cc9a6e5df120cdf1f0c0b762fb057ed8fb4b0ebe0499c5f15a87813d7c4bac48c3101e2639b61053393dbc638a091fcae9145fd19abac7eaaa5112830c0678dfa9c8
#TRUST-RSA-SHA256 027a1a3e65094196e96c0de1321b9d50adbfc633a5010e5a11cf4dcbc528fae99b35331cc2f7c7418cf7e53ebbcafc121a0da42eb380d97432a502f3cf8c9a6960b3351e973736cd960844c6282065c87e8999f4609a29e7ca8c22ec5c7661a17c619fd4c94d3ba879e0c233e54417e189d2a93559ee68342925dd6484509b6d5270f8285685ca09ea46c169c4b598554d7adea144cb9d6c7af3e486a3e41661907e68f14b0658d03789fd69a70c8e207c930395e529ad1b9d6e061dedf1cca5c22bbfe5241e4fe6624c9da8595b0a387fd4a120575732ce07c0e61e375809fe0da93b1403c88b5c57f6f2cc7d2a5ae3d08a13174232f81e116fc35018fa0b7b1a70189bf2fb0e7b25709b32d30bf717b3252470ef5fbc28378fa1f9a17caa74af32d18d3393d5a8e071788281ee70a74cea9f2acfc27548379b36339d3e71451f7bc2dc1532318fdff8d0fe75c4618e14038a5e1cf511d562956e007ed73b6b09de9241ad59b7d5ac5c5c3b0751bff481724d2a8c4c150b37618fbb89be211e27b777201d507757f5703fd090aef704a8778f15e4172323c65881839f262778286186e3958a1aa437bcc6263eeace51bdaed5aafda8352a2a62a61f13244fada9ad312733a8ec52c5c11a35d0df82d5df0c37303805f692423fd2483fdf0d1fad9f4286d95eaf0ef6053d86bb6c47e2692ece3c052f0f2e40890773f57dcd4b
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(168368);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2022-20694");
script_xref(name:"CISCO-BUG-ID", value:"CSCvz55292");
script_xref(name:"CISCO-SA", value:"cisco-sa-iosxe-rpki-dos-2EgCNeKE");
script_name(english:"Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure DoS (cisco-sa-iosxe-rpki-dos-2EgCNeKE)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a denial of service (DoS) vulnerability
that exists in its implementation of the Public Key Infrastructure (RPKI) feature due to the incorrect handling of a
specific RPKI to Router (RTR) Protocol packet header. An unauthenticated remote attacker can exploit this issue via
network to cause the Border Gateway Protocol (BGP) process to crash and restart constantly, potentially making BGP
routing unstable.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rpki-dos-2EgCNeKE
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3931bd3d");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74561");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz55292");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvz55292");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20694");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(617);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/13");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/02");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var version_list=make_list(
'3.7.0S',
'3.7.0bS',
'3.7.0xaS',
'3.7.0xbS',
'3.7.1S',
'3.7.1aS',
'3.7.2S',
'3.7.2tS',
'3.7.3S',
'3.7.4S',
'3.7.4aS',
'3.7.5S',
'3.7.6S',
'3.7.7S',
'3.7.8S',
'3.8.0S',
'3.8.1S',
'3.8.2S',
'3.9.0S',
'3.9.0aS',
'3.9.0xaS',
'3.9.1S',
'3.9.1aS',
'3.9.2S',
'3.10.0S',
'3.10.1S',
'3.10.1xbS',
'3.10.1xcS',
'3.10.2S',
'3.10.2aS',
'3.10.2tS',
'3.10.3S',
'3.10.4S',
'3.10.5S',
'3.10.6S',
'3.10.7S',
'3.10.8S',
'3.10.8aS',
'3.10.9S',
'3.10.10S',
'3.11.0S',
'3.11.1S',
'3.11.2S',
'3.11.3S',
'3.11.4S',
'3.11.5E',
'3.12.0S',
'3.12.0aS',
'3.12.1S',
'3.12.2S',
'3.12.3S',
'3.12.4S',
'3.13.0S',
'3.13.0aS',
'3.13.1S',
'3.13.2S',
'3.13.2aS',
'3.13.3S',
'3.13.4S',
'3.13.5S',
'3.13.5aS',
'3.13.6S',
'3.13.6aS',
'3.13.6bS',
'3.13.7S',
'3.13.7aS',
'3.13.8S',
'3.13.9S',
'3.13.10S',
'3.14.0S',
'3.14.1S',
'3.14.2S',
'3.14.3S',
'3.14.4S',
'3.15.0S',
'3.15.1S',
'3.15.1cS',
'3.15.2S',
'3.15.3S',
'3.15.4S',
'3.16.0S',
'3.16.0aS',
'3.16.0bS',
'3.16.0cS',
'3.16.1S',
'3.16.1aS',
'3.16.2S',
'3.16.2aS',
'3.16.2bS',
'3.16.3S',
'3.16.3aS',
'3.16.4S',
'3.16.4aS',
'3.16.4bS',
'3.16.4cS',
'3.16.4dS',
'3.16.4eS',
'3.16.4gS',
'3.16.5S',
'3.16.5aS',
'3.16.5bS',
'3.16.6S',
'3.16.6bS',
'3.16.7S',
'3.16.7aS',
'3.16.7bS',
'3.16.8S',
'3.16.9S',
'3.16.10S',
'3.16.10aS',
'3.16.10bS',
'3.16.10cS',
'3.17.0S',
'3.17.1S',
'3.17.1aS',
'3.17.2S',
'3.17.3S',
'3.17.4S',
'3.18.0S',
'3.18.0SP',
'3.18.0aS',
'3.18.1S',
'3.18.1SP',
'3.18.1aSP',
'3.18.1bSP',
'3.18.1cSP',
'3.18.1gSP',
'3.18.1hSP',
'3.18.1iSP',
'3.18.2S',
'3.18.2SP',
'3.18.2aSP',
'3.18.3S',
'3.18.3SP',
'3.18.3aSP',
'3.18.3bSP',
'3.18.4S',
'3.18.4SP',
'3.18.5SP',
'3.18.6SP',
'3.18.7SP',
'3.18.8SP',
'3.18.8aSP',
'3.18.9SP',
'16.1.1',
'16.1.2',
'16.1.3',
'16.2.1',
'16.2.2',
'16.3.1',
'16.3.1a',
'16.3.2',
'16.3.3',
'16.3.4',
'16.3.5',
'16.3.5b',
'16.3.6',
'16.3.7',
'16.3.8',
'16.3.9',
'16.3.10',
'16.3.11',
'16.4.1',
'16.4.2',
'16.4.3',
'16.5.1',
'16.5.1a',
'16.5.1b',
'16.5.2',
'16.5.3',
'16.6.1',
'16.6.2',
'16.6.3',
'16.6.4',
'16.6.4a',
'16.6.4s',
'16.6.5',
'16.6.5a',
'16.6.5b',
'16.6.6',
'16.6.7',
'16.6.7a',
'16.6.8',
'16.6.9',
'16.6.10',
'16.7.1',
'16.7.1a',
'16.7.1b',
'16.7.2',
'16.7.3',
'16.7.4',
'16.8.1',
'16.8.1a',
'16.8.1b',
'16.8.1c',
'16.8.1d',
'16.8.1e',
'16.8.1s',
'16.8.2',
'16.8.3',
'16.9.1',
'16.9.1a',
'16.9.1b',
'16.9.1c',
'16.9.1d',
'16.9.1s',
'16.9.2',
'16.9.2a',
'16.9.2s',
'16.9.3',
'16.9.3a',
'16.9.3h',
'16.9.3s',
'16.9.4',
'16.9.4c',
'16.9.5',
'16.9.5f',
'16.9.6',
'16.9.7',
'16.9.8',
'16.10.1',
'16.10.1a',
'16.10.1b',
'16.10.1c',
'16.10.1d',
'16.10.1e',
'16.10.1f',
'16.10.1g',
'16.10.1s',
'16.10.2',
'16.10.3',
'17.6.1w'
);
var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = WORKAROUND_CONFIG['rpki_enabled'];
var reporting = make_array(
'port' , product_info['port'],
'severity', SECURITY_HOLE,
'version' , product_info['version'],
'cmds' , make_list('show bgp rpki servers'),
'bug_id' , 'CSCvz55292',
'fix' , 'See vendor advisory'
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
47.3%