Cisco IOS Software Locator ID Separation Protocol DoS (cisco-sa-lisp-3gYXs3qP)

#TRUSTED 908770e28e2d09d3f29feff3bc8964fc03b2ef2e91e9951f96eb8e9832ada52b91b169b11b0cebb92fbb84d6cc210b383e98222411b5057f10e1c0cba283720c70ee9df342341687a229d120dab9257383b3ef5d5ea9b03f72c8753f164205144cd8fd6521150dc49a4d4bb338d57e7b3dfa4439a6722da13373cbba2d8e3ad22d12e315afaa06adf5979967f1230e1a0c2c9fdc9ed02ff6cbba8b65140d7470ad61c0fba10a7465523eca336365823c2bd0b11b0f6001b3a3aeec5ab2443876c37d9234d56ac07651a091ea1a5512a0ba519736aa6b92fcfbb6ae166ae2576a49be36b5ea2daee4d14f4dfe96883dd7d2132a57b43feb1c1bacbcba9dad6b7436bdcbae5e0395436e3459f02d8d9835cd741074fdd9781b4aaade6dab602d046eae4a37189c848de6fd445bf6338b1f92d3c7facb46154ff6b9f1b72ad083b146946161d6474eb218f64bb01aa755058e4499287e1061b7eee61f16757af14e30620fb2fc217844c741c8260600bd47db8df73c75d62f83443304272ae2cff100d7f4b0edb6fc21a96f2351f5ee228fbb43a55d0084f7e48ac8d10825768443b3ab2f578eccdc25499a949966bbdeca3f5ce5336734d545e03b7035e047165f1a9454b49e111afdb1b17707b6b6eed81df8f1623ab96ac2792086fb679c5fc46f8ba66a47107be636c6617ab884c2ff4b65edda7a08a337ba4069507d02e7ed
#TRUST-RSA-SHA256 30a6d4ccb05cdeaaa16e05c548e0610952f327d6e86e73fb5b63343f1637e3bca0bf1ef57f97673f8c68c6685c333d02421e334dac36334a9c67133b4a2382acef5549879aad8d5752f682ce5041a11a9b98a06934fed9b7fa40d4e5a5bb59cc737a17bc886ed68c36b744ada19f6d8b03061a406921180b63dc0dc197d56684b13e75bf747c12e76d93eb4b2f86988c7fdd1ca0d7dc0f8a16f03699839ea8baa05fe747055b751780309e840f004b3eed34c3baf98a1657c51daf3648cf7d14f3760073b69d9b1320292880cd12d3386e259f63547fec42dbd6c575aa0764906605ec4cd5d2c02ab0d6baa820fbf20dafc29c24bdd36cb6a9bb968c3878b5841e7219e5a77707ecaec2dbea61c3a66a138cb6f0cbb19a82adb12a0702dbfddbdf77ae575cc23eb79470969054b289df50ae0727094fe198c16a7c58220f8736ad306e07ed8f19bb2dbc9a6c44d63f72befc0177443123c29f91c67f3d77e3cda6df1e3fd7552916fcbae7c04037e788990a48df7ad0e801761c94ce71bb5892bb8eb7685c667b562d42d323a3ec8e87d13a10f4243c7a8bc038ae9983fc0d6e8ace98f684eeb1fd0aa1be8a852f107568f0c46130240b22cc3f07d311a9de7d5658ff24d71ee3974bf95c176c68157dfe5236ec3af6df10a03ab863fe79a5c7ef1493ecf5d4e07e835b0ba7e285d3b30389ae00bdb75d3b534115bdaa95f054
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193269);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/12");

  script_cve_id("CVE-2024-20311");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwf36266");
  script_xref(name:"CISCO-SA", value:"cisco-sa-lisp-3gYXs3qP");
  script_xref(name:"IAVA", value:"2024-A-0188");

  script_name(english:"Cisco IOS Software Locator ID Separation Protocol DoS (cisco-sa-lisp-3gYXs3qP)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS is affected by a vulnerability.

  - A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS
    XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This
    vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit this
    vulnerability by sending a crafted LISP packet to an affected device. A successful exploit could allow the
    attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: This
    vulnerability could be exploited over either IPv4 or IPv6 transport. (CVE-2024-20311)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lisp-3gYXs3qP
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1b2c681");
  # https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1da659d");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf36266");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwf36266");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20311");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(674);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/12");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

var product_info = cisco::get_product_info(name:'Cisco IOS');

var version_list=make_list(
  '12.2(6)I1',
  '15.1(1)SY',
  '15.1(1)SY1',
  '15.1(1)SY2',
  '15.1(1)SY3',
  '15.1(1)SY4',
  '15.1(1)SY5',
  '15.1(1)SY6',
  '15.1(1)XB',
  '15.1(1)XB1',
  '15.1(1)XB2',
  '15.1(1)XB3',
  '15.1(2)S',
  '15.1(2)S1',
  '15.1(2)S2',
  '15.1(2)SY',
  '15.1(2)SY1',
  '15.1(2)SY2',
  '15.1(2)SY3',
  '15.1(2)SY4',
  '15.1(2)SY4a',
  '15.1(2)SY5',
  '15.1(2)SY6',
  '15.1(2)SY7',
  '15.1(2)SY8',
  '15.1(2)SY9',
  '15.1(2)SY10',
  '15.1(2)SY11',
  '15.1(2)SY12',
  '15.1(2)SY13',
  '15.1(2)SY14',
  '15.1(2)SY15',
  '15.1(2)SY16',
  '15.1(2)SY16a',
  '15.1(3)MRA',
  '15.1(3)MRA1',
  '15.1(3)MRA2',
  '15.1(3)MRA3',
  '15.1(3)MRA4',
  '15.1(3)S',
  '15.1(3)S0a',
  '15.1(3)S1',
  '15.1(3)S2',
  '15.1(3)S3',
  '15.1(3)S4',
  '15.1(3)S5',
  '15.1(3)S5a',
  '15.1(3)S6',
  '15.1(3)S7',
  '15.1(3)SVB1',
  '15.1(3)SVB2',
  '15.1(3)SVD',
  '15.1(3)SVD1',
  '15.1(3)SVD2',
  '15.1(3)SVD3',
  '15.1(3)SVE',
  '15.1(3)SVF',
  '15.1(3)SVF1',
  '15.1(3)SVF2',
  '15.1(3)SVF2a',
  '15.1(3)SVF4b',
  '15.1(3)SVF4c',
  '15.1(3)SVF4d',
  '15.1(3)SVF4e',
  '15.1(3)SVF4f',
  '15.1(3)SVG',
  '15.1(3)SVG1a',
  '15.1(3)SVG1b',
  '15.1(3)SVG1c',
  '15.1(3)SVG2',
  '15.1(3)SVG2a',
  '15.1(3)SVG3',
  '15.1(3)SVG3a',
  '15.1(3)SVG3b',
  '15.1(3)SVG3c',
  '15.1(3)SVH',
  '15.1(3)SVH2',
  '15.1(3)SVH4',
  '15.1(3)SVH4a',
  '15.1(3)SVI1a',
  '15.1(3)SVI2',
  '15.1(3)SVI2a',
  '15.1(3)SVI3',
  '15.1(3)SVI3b',
  '15.1(3)SVI3c',
  '15.1(3)SVI31a',
  '15.1(3)SVI31b',
  '15.1(3)SVJ',
  '15.1(3)SVJ2',
  '15.1(3)SVR1',
  '15.1(3)SVR2',
  '15.1(3)SVR3',
  '15.1(3)SVR10',
  '15.1(3)SVS',
  '15.1(3)SVS1',
  '15.1(3)SVT1',
  '15.1(3)SVT2',
  '15.1(3)SVT3',
  '15.1(3)SVT4',
  '15.1(3)SVU1',
  '15.1(3)SVU2',
  '15.1(3)SVU10',
  '15.1(3)SVU11',
  '15.1(3)SVU20',
  '15.1(3)SVU21',
  '15.1(3)SVV1',
  '15.1(3)SVV2',
  '15.1(3)SVV3',
  '15.1(3)SVV4',
  '15.1(3)SVW',
  '15.1(3)SVW1',
  '15.1(3)SVX',
  '15.1(3)SVX1',
  '15.1(4)GC',
  '15.1(4)GC1',
  '15.1(4)GC2',
  '15.1(4)M',
  '15.1(4)M0a',
  '15.1(4)M0b',
  '15.1(4)M1',
  '15.1(4)M2',
  '15.1(4)M3',
  '15.1(4)M3a',
  '15.1(4)M4',
  '15.1(4)M5',
  '15.1(4)M6',
  '15.1(4)M7',
  '15.1(4)M8',
  '15.1(4)M9',
  '15.1(4)M10',
  '15.1(4)M12a',
  '15.1(4)XB4',
  '15.1(4)XB5',
  '15.1(4)XB5a',
  '15.1(4)XB6',
  '15.1(4)XB7',
  '15.1(4)XB8',
  '15.1(4)XB8a',
  '15.2(1)GC',
  '15.2(1)GC1',
  '15.2(1)GC2',
  '15.2(1)S',
  '15.2(1)S1',
  '15.2(1)S2',
  '15.2(1)SC1a',
  '15.2(1)SD1',
  '15.2(1)SD2',
  '15.2(1)SD3',
  '15.2(1)SD4',
  '15.2(1)SD6',
  '15.2(1)SD6a',
  '15.2(1)SD7',
  '15.2(1)SD8',
  '15.2(1)SY',
  '15.2(1)SY0a',
  '15.2(1)SY1',
  '15.2(1)SY1a',
  '15.2(1)SY2',
  '15.2(1)SY3',
  '15.2(1)SY4',
  '15.2(1)SY5',
  '15.2(1)SY6',
  '15.2(1)SY7',
  '15.2(1)SY8',
  '15.2(2)GC',
  '15.2(2)S',
  '15.2(2)S0a',
  '15.2(2)S0c',
  '15.2(2)S0d',
  '15.2(2)S1',
  '15.2(2)S2',
  '15.2(2)SC',
  '15.2(2)SC1',
  '15.2(2)SC3',
  '15.2(2)SC4',
  '15.2(2)SY',
  '15.2(2)SY1',
  '15.2(2)SY2',
  '15.2(2)SY3',
  '15.2(3)GC',
  '15.2(3)GC1',
  '15.2(4)GC',
  '15.2(4)GC1',
  '15.2(4)GC2',
  '15.2(4)GC3',
  '15.2(4)M',
  '15.2(4)M1',
  '15.2(4)M2',
  '15.2(4)M3',
  '15.2(4)M4',
  '15.2(4)M5',
  '15.2(4)M6',
  '15.2(4)M6a',
  '15.2(4)M6b',
  '15.2(4)M9',
  '15.2(4)M10',
  '15.2(4)M11',
  '15.2(4)S',
  '15.2(4)S0c',
  '15.2(4)S1',
  '15.2(4)S1c',
  '15.2(4)S2',
  '15.2(4)S3',
  '15.2(4)S3a',
  '15.2(4)S4',
  '15.2(4)S4a',
  '15.2(4)S5',
  '15.2(4)S6',
  '15.2(4)S7',
  '15.2(4)S8',
  '15.2(5)E1',
  '15.2(5)E2',
  '15.2(5)E2b',
  '15.2(5)E2c',
  '15.2(5)EX',
  '15.2(5a)E1',
  '15.2(6)E',
  '15.2(6)E0a',
  '15.2(6)E0c',
  '15.2(6)E1',
  '15.2(6)E1a',
  '15.2(6)E1s',
  '15.2(6)E2',
  '15.2(6)E2a',
  '15.2(6)E2b',
  '15.2(6)E3',
  '15.2(6)EB',
  '15.2(7)E',
  '15.2(7)E0a',
  '15.2(7)E0b',
  '15.2(7)E0s',
  '15.2(7)E1',
  '15.2(7)E1a',
  '15.2(7)E2',
  '15.2(7)E2a',
  '15.2(7)E2b',
  '15.2(7)E3',
  '15.2(7)E3k',
  '15.2(7)E4',
  '15.2(7)E5',
  '15.2(7)E6',
  '15.2(7)E7',
  '15.2(7)E8',
  '15.2(7a)E0b',
  '15.2(7b)E0b',
  '15.2(8)E',
  '15.2(8)E1',
  '15.2(8)E2',
  '15.2(8)E3',
  '15.2(8)E4',
  '15.3(0)SY',
  '15.3(1)S',
  '15.3(1)S1',
  '15.3(1)S1e',
  '15.3(1)S2',
  '15.3(1)SY',
  '15.3(1)SY1',
  '15.3(1)SY2',
  '15.3(1)T',
  '15.3(1)T1',
  '15.3(1)T2',
  '15.3(1)T3',
  '15.3(1)T4',
  '15.3(2)S',
  '15.3(2)S1',
  '15.3(2)S2',
  '15.3(2)T',
  '15.3(2)T1',
  '15.3(2)T2',
  '15.3(2)T3',
  '15.3(2)T4',
  '15.3(3)M',
  '15.3(3)M1',
  '15.3(3)M2',
  '15.3(3)M3',
  '15.3(3)M4',
  '15.3(3)M6',
  '15.3(3)M7',
  '15.3(3)M8',
  '15.3(3)M8a',
  '15.3(3)M9',
  '15.3(3)M10',
  '15.3(3)S',
  '15.3(3)S1',
  '15.3(3)S1a',
  '15.3(3)S2',
  '15.3(3)S2a',
  '15.3(3)S3',
  '15.3(3)S4',
  '15.3(3)S5',
  '15.3(3)S6',
  '15.3(3)S6a',
  '15.3(3)S7',
  '15.3(3)S8',
  '15.3(3)S8a',
  '15.3(3)S9',
  '15.3(3)S10',
  '15.3(3)XB12',
  '15.4(1)CG',
  '15.4(1)CG1',
  '15.4(1)S',
  '15.4(1)S1',
  '15.4(1)S2',
  '15.4(1)S3',
  '15.4(1)S4',
  '15.4(1)SY',
  '15.4(1)SY1',
  '15.4(1)SY2',
  '15.4(1)SY3',
  '15.4(1)SY4',
  '15.4(1)T',
  '15.4(1)T1',
  '15.4(1)T2',
  '15.4(2)CG',
  '15.4(2)S',
  '15.4(2)S1',
  '15.4(2)S2',
  '15.4(2)S3',
  '15.4(2)S4',
  '15.4(2)SN',
  '15.4(2)SN1',
  '15.4(2)T',
  '15.4(2)T4',
  '15.4(3)M4',
  '15.4(3)M5',
  '15.4(3)M6',
  '15.4(3)M6a',
  '15.4(3)M7',
  '15.4(3)M7a',
  '15.4(3)M8',
  '15.4(3)M9',
  '15.4(3)M10',
  '15.4(3)S',
  '15.4(3)S0d',
  '15.4(3)S0e',
  '15.4(3)S0f',
  '15.4(3)S1',
  '15.4(3)S2',
  '15.4(3)S3',
  '15.4(3)S4',
  '15.4(3)S5',
  '15.4(3)S6',
  '15.4(3)S6a',
  '15.4(3)S7',
  '15.4(3)S8',
  '15.4(3)S9',
  '15.4(3)S10',
  '15.4(3)SN1',
  '15.4(3)SN1a',
  '15.5(1)S',
  '15.5(1)S1',
  '15.5(1)S2',
  '15.5(1)S3',
  '15.5(1)S4',
  '15.5(1)SN',
  '15.5(1)SN1',
  '15.5(1)SY',
  '15.5(1)SY1',
  '15.5(1)SY2',
  '15.5(1)SY3',
  '15.5(1)SY4',
  '15.5(1)SY5',
  '15.5(1)SY6',
  '15.5(1)SY7',
  '15.5(1)SY8',
  '15.5(1)SY9',
  '15.5(1)SY10',
  '15.5(1)SY11',
  '15.5(1)T3',
  '15.5(1)T4',
  '15.5(2)S',
  '15.5(2)S1',
  '15.5(2)S2',
  '15.5(2)S3',
  '15.5(2)S4',
  '15.5(2)SN',
  '15.5(2)T',
  '15.5(2)T1',
  '15.5(2)T2',
  '15.5(2)T3',
  '15.5(2)T4',
  '15.5(3)M',
  '15.5(3)M0a',
  '15.5(3)M1',
  '15.5(3)M2',
  '15.5(3)M2a',
  '15.5(3)M3',
  '15.5(3)M4',
  '15.5(3)M4a',
  '15.5(3)M4b',
  '15.5(3)M4c',
  '15.5(3)M5',
  '15.5(3)M6',
  '15.5(3)M6a',
  '15.5(3)M7',
  '15.5(3)M8',
  '15.5(3)M9',
  '15.5(3)M10',
  '15.5(3)M11',
  '15.5(3)M11a',
  '15.5(3)M11b',
  '15.5(3)S',
  '15.5(3)S0a',
  '15.5(3)S1',
  '15.5(3)S1a',
  '15.5(3)S2',
  '15.5(3)S3',
  '15.5(3)S4',
  '15.5(3)S5',
  '15.5(3)S6',
  '15.5(3)S6a',
  '15.5(3)S6b',
  '15.5(3)S7',
  '15.5(3)S8',
  '15.5(3)S9',
  '15.5(3)S9a',
  '15.5(3)S10',
  '15.5(3)S10a',
  '15.5(3)S10b',
  '15.5(3)S10c',
  '15.5(3)SN',
  '15.5(3)SN0a',
  '15.6(1)S',
  '15.6(1)S1',
  '15.6(1)S2',
  '15.6(1)S3',
  '15.6(1)S4',
  '15.6(1)SN',
  '15.6(1)SN1',
  '15.6(1)SN2',
  '15.6(1)SN3',
  '15.6(1)T',
  '15.6(1)T0a',
  '15.6(1)T1',
  '15.6(1)T2',
  '15.6(1)T3',
  '15.6(2)S',
  '15.6(2)S1',
  '15.6(2)S2',
  '15.6(2)S3',
  '15.6(2)S4',
  '15.6(2)SN',
  '15.6(2)SP',
  '15.6(2)SP1',
  '15.6(2)SP2',
  '15.6(2)SP3',
  '15.6(2)SP4',
  '15.6(2)SP5',
  '15.6(2)SP6',
  '15.6(2)SP7',
  '15.6(2)SP8',
  '15.6(2)SP8a',
  '15.6(2)SP9',
  '15.6(2)SP10',
  '15.6(2)T',
  '15.6(2)T0a',
  '15.6(2)T1',
  '15.6(2)T2',
  '15.6(2)T3',
  '15.6(3)M',
  '15.6(3)M0a',
  '15.6(3)M1',
  '15.6(3)M1a',
  '15.6(3)M1b',
  '15.6(3)M2',
  '15.6(3)M2a',
  '15.6(3)M3',
  '15.6(3)M3a',
  '15.6(3)M4',
  '15.6(3)M5',
  '15.6(3)M6',
  '15.6(3)M6a',
  '15.6(3)M6b',
  '15.6(3)M7',
  '15.6(3)M8',
  '15.6(3)M9',
  '15.6(3)SN',
  '15.6(4)SN',
  '15.6(5)SN',
  '15.6(7)SN',
  '15.6(7)SN1',
  '15.6(7)SN2',
  '15.7(3)M',
  '15.7(3)M0a',
  '15.7(3)M1',
  '15.7(3)M2',
  '15.7(3)M3',
  '15.7(3)M4',
  '15.7(3)M4a',
  '15.7(3)M4b',
  '15.7(3)M5',
  '15.7(3)M6',
  '15.7(3)M7',
  '15.7(3)M8',
  '15.7(3)M9',
  '15.7(3)M10',
  '15.8(3)M',
  '15.8(3)M0a',
  '15.8(3)M0b',
  '15.8(3)M1',
  '15.8(3)M1a',
  '15.8(3)M2',
  '15.8(3)M2a',
  '15.8(3)M3',
  '15.8(3)M3a',
  '15.8(3)M3b',
  '15.8(3)M4',
  '15.8(3)M5',
  '15.8(3)M6',
  '15.8(3)M7',
  '15.8(3)M8',
  '15.8(3)M9',
  '15.8(3)M9a',
  '15.8(3)M10',
  '15.9(3)M',
  '15.9(3)M0a',
  '15.9(3)M1',
  '15.9(3)M2',
  '15.9(3)M2a',
  '15.9(3)M3',
  '15.9(3)M3a',
  '15.9(3)M3b',
  '15.9(3)M4',
  '15.9(3)M4a',
  '15.9(3)M5',
  '15.9(3)M6',
  '15.9(3)M6a',
  '15.9(3)M6b',
  '15.9(3)M7',
  '15.9(3)M7a'
);

var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = WORKAROUND_CONFIG['router_lisp'];

var reporting = make_array(
  'port'    , product_info['port'],
  'severity', SECURITY_HOLE,
  'version' , product_info['version'],
  'bug_id'  , 'CSCwf36266',
  'cmds'    , ['show running-config'],
  'fix'     , 'See vendor advisory'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);