Lucene search
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-NXOS-IPIP-DOS-KCT9X4.NASLHistoryJun 05, 2020 - 12:00 a.m.
Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability (cisco-sa-nxos-ipip-dos-kCT9X4)
2020-06-0500:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service vulnerability in the network stack due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An unauthenticated, remote attacker can exploit this issue by sending a crafted IP in IP packet to an affected device, to bypass certain security boundaries or cause a denial of service condition on an affected device.
#TRUSTED 9cca2b1be5035da5f115389678a3c8eb640098ab6b0101275a388a78c730ae93a9b7113dcc595117150cbfe82a7e408f0babd92675d6ad49228baaa60b612b0f2cb7a365ddb9e5272cf551eba509eb429a2041466411fcb0249f15ee978b2264c8b6f9692651258acd471c057558db7ba143fde12bcff934a42b0225ca55ed2f5143e2313588674993c9aac3dd2d3d40465de5444f618b74cbbe66fc039c02ab5612a74efcdbaf5e29a68fd93896de125e0d3ac4e75da6766f58c3b1c0ef3c76106ffb9a96de8c293673afa02c61eed77637d1b9f46412343b74a90accc943bb4ede27d59c353c8ed54388302eb5c88fc751c98bdaaadd4554a4c29214469a3d28f2d4e2296cadd34b685d2313876fcf92191ffbe0c8a153263a4254b6977d617d626ba85ad6a72901d32a96f885dd49174c1654f7371ff4ad2a5b6ec72648a8a3675a20b19cf044074514566de3283d6e985161aa70483a8e95b9233bf40660d166bb9457f2718e1c5a54707810c8b776eb47b5f10cfb25b7944abb282fb8e28ba03f93ad24e51924570b6e3b4a5c487df76891204a14d0f6f345656b0ba1913cffb1a8ac0ddc278b17a7e54791403dee394664f2c71aa83619f902fa20f802e375431b70fff9db4958117e7f2f076b9e67ec2be81e47985f81cb4b4475feb751c9bf7ae52459d8a2053c22f9ac27845ad8b123f115585fae156bee14c62d02
#TRUST-RSA-SHA256 7d2e85f256f9425e900caff44f3018607f8e03d5287c4dfff14fb4a54e287e765eef9f6ec8935244974e13a8016415a66fce86fed6fe136c6c5cdfa4ea4311173da9a4af2e0785adf4627e662aea8b64821854291014f0185b7d8f3a2779c3b950ba28607a1c3b6894cf9fb01afc18a0f04bca0103f9d6ab659f5f7dc8f2779ae1b2c8c2dbaaf95635a1c844b1528fe33be7f6d2733652621250074166a314f821a4114b7f66c593745ab389cd5d9de43c87292d897aa8aaa6842e326ccb45cf0a3598cdc1dcf134238cf1cea0999800ddd15be92b6e5d6bd9a512370a27045199864f3d58150ddde232d121afb97497ac8cf19a4ec409f0dea90fbb118c7609107c146b4c2bca7ed755ad96905471c160436a179a0c29a47255a1aac412e095a39ddbe4a7124c2d603a0d91cb8f8c99a70579ea2b60a5daf05982af9ebe8f1db49ad9d5bc84b39d72dbf3cacd86ad2aeb5157c8ecc1e3aba83ee919b5c05a4a2e4ad62c70102b55fbfd6753c824e2437fe7f934fa85dfa3abbd15b9565885dccb2b5fa36413cbf09a5444e295c56c1f661a9dcfee10cdc292a371de21edef81acb5cbeb27432f509d28e815a4ea4f022a8605e56d63a0f0c4b17d9b6ec4454dacca84a353d17561214c0b0780c36be59a45912d21565dda1e21e1a4d99ea9b3d695fc373639280646e3f0f6fe5b9a4ef1ccd0c7f18dfc697afc28e646868c31
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(137184);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id("CVE-2020-10136");
script_xref(name:"CISCO-BUG-ID", value:"CSCun53663");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt66624");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt67738");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt67739");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt67740");
script_xref(name:"CISCO-BUG-ID", value:"CSCvu03158");
script_xref(name:"CISCO-BUG-ID", value:"CSCvu10050");
script_xref(name:"CISCO-SA", value:"cisco-sa-nxos-ipip-dos-kCT9X4");
script_xref(name:"IAVA", value:"2020-A-0233");
script_xref(name:"CEA-ID", value:"CEA-2020-0049");
script_name(english:"Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability (cisco-sa-nxos-ipip-dos-kCT9X4)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service vulnerability in
the network stack due to the affected device unexpectedly decapsulating and processing IP in IP packets that are
destined to a locally configured IP address. An unauthenticated, remote attacker can exploit this issue by sending a
crafted IP in IP packet to an affected device, to bypass certain security boundaries or cause a denial of service
condition on an affected device.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f50ed05");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCun53663");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt66624");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67738");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67739");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67740");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu03158");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu10050");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version or apply the workaround referenced in Cisco bug IDs CSCun53663, CSCvt66624,
CSCvt67738, CSCvt67739, CSCvt67740, CSCvu03158 and CSCvu10050 or alternatively apply the workaround mentioned
in the advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10136");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/01");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_nxos_version.nasl", "cisco_enum_smu.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco NX-OS Software');
cbi = '';
if ('Nexus' >< product_info.device)
{
if (product_info.model =~ "^10[0-9][0-9]"){
cbi = 'CSCvu10050, CSCvt67738';
version_list = make_list(
'5.2(1)SK3(1.1)',
'5.2(1)SK3(2.1)',
'5.2(1)SK3(2.1a)',
'5.2(1)SK3(2.2)',
'5.2(1)SK3(2.2b)',
'5.2(1)SM1(5.1)',
'5.2(1)SM1(5.2)',
'5.2(1)SM1(5.2a)',
'5.2(1)SM1(5.2b)',
'5.2(1)SM1(5.2c)',
'5.2(1)SM3(1.1)',
'5.2(1)SM3(1.1a)',
'5.2(1)SM3(1.1b)',
'5.2(1)SM3(1.1c)',
'5.2(1)SM3(2.1)',
'5.2(1)SV3(1.1)',
'5.2(1)SV3(1.10)',
'5.2(1)SV3(1.15)',
'5.2(1)SV3(1.2)',
'5.2(1)SV3(1.3)',
'5.2(1)SV3(1.4)',
'5.2(1)SV3(1.4b)',
'5.2(1)SV3(1.5a)',
'5.2(1)SV3(1.5b)',
'5.2(1)SV3(1.6)',
'5.2(1)SV3(2.1)',
'5.2(1)SV3(2.5)',
'5.2(1)SV3(2.8)',
'5.2(1)SV3(3.1)',
'5.2(1)SV3(3.15)',
'5.2(1)SV3(4.1)',
'5.2(1)SV3(4.1a)',
'5.2(1)SV3(4.1b)',
'5.2(1)SV5(1.1)',
'5.2(1)SV5(1.2)',
'5.2(1)SV5(1.3)'
);
}
if (product_info.model =~ "^3[0-9]{3}")
{
cbi = 'CSCun53663';
version_list = make_list(
'5.0(3)A1(1)',
'5.0(3)A1(2)',
'5.0(3)A1(2a)',
'5.0(3)U1(1)',
'5.0(3)U1(1a)',
'5.0(3)U1(1b)',
'5.0(3)U1(1c)',
'5.0(3)U1(1d)',
'5.0(3)U1(2)',
'5.0(3)U1(2a)',
'5.0(3)U2(1)',
'5.0(3)U2(2)',
'5.0(3)U2(2a)',
'5.0(3)U2(2b)',
'5.0(3)U2(2c)',
'5.0(3)U2(2d)',
'5.0(3)U3(1)',
'5.0(3)U3(2)',
'5.0(3)U3(2a)',
'5.0(3)U3(2b)',
'5.0(3)U4(1)',
'5.0(3)U5(1)',
'5.0(3)U5(1a)',
'5.0(3)U5(1b)',
'5.0(3)U5(1c)',
'5.0(3)U5(1d)',
'5.0(3)U5(1e)',
'5.0(3)U5(1f)',
'5.0(3)U5(1g)',
'5.0(3)U5(1h)',
'5.0(3)U5(1i)',
'5.0(3)U5(1j)',
'6.0(2)A1(1)',
'6.0(2)A1(1a)',
'6.0(2)A1(1b)',
'6.0(2)A1(1c)',
'6.0(2)A1(1d)',
'6.0(2)A1(1e)',
'6.0(2)A1(1f)',
'6.0(2)A1(2d)',
'6.0(2)A3(1)',
'6.0(2)A3(2)',
'6.0(2)A3(4)',
'6.0(2)A4(1)',
'6.0(2)A4(2)',
'6.0(2)A4(3)',
'6.0(2)A4(4)',
'6.0(2)A4(5)',
'6.0(2)A4(6)',
'6.0(2)U1(1)',
'6.0(2)U1(1a)',
'6.0(2)U1(2)',
'6.0(2)U1(3)',
'6.0(2)U1(4)',
'6.0(2)U2(1)',
'6.0(2)U2(2)',
'6.0(2)U2(3)',
'6.0(2)U2(4)',
'6.0(2)U2(5)',
'6.0(2)U2(6)',
'6.0(2)U3(1)',
'6.0(2)U3(2)',
'6.0(2)U3(3)',
'6.0(2)U3(4)',
'6.0(2)U3(5)',
'6.0(2)U3(6)',
'6.0(2)U3(7)',
'6.0(2)U3(8)',
'6.0(2)U3(9)',
'6.0(2)U4(1)',
'6.0(2)U4(2)',
'6.0(2)U4(3)',
'6.0(2)U4(4)',
'6.1(2)I2(2a)',
'6.1(2)I2(2b)',
'6.1(2)I3(1)',
'6.1(2)I3(2)',
'6.1(2)I3(3)',
'6.1(2)I3(3a)',
'7.0(3)I1(1)',
'7.0(3)I1(1a)',
'7.0(3)I1(1b)',
'7.0(3)I1(1z)'
);
}
if (product_info.model =~ "^5[56][0-9][0-9]"){
cbi = 'CSCvt67739';
version_list = make_list(
'5.2(1)N1(1)',
'5.2(1)N1(1a)',
'5.2(1)N1(1b)',
'5.2(1)N1(2)',
'5.2(1)N1(2a)',
'5.2(1)N1(3)',
'5.2(1)N1(4)',
'5.2(1)N1(5)',
'5.2(1)N1(6)',
'5.2(1)N1(7)',
'5.2(1)N1(8)',
'5.2(1)N1(8a)',
'5.2(1)N1(8b)',
'5.2(1)N1(9)',
'5.2(1)N1(9a)',
'5.2(1)N1(9b)',
'6.0(2)N1(1)',
'6.0(2)N1(1a)',
'6.0(2)N1(2)',
'6.0(2)N1(2a)',
'6.0(2)N2(1)',
'6.0(2)N2(1b)',
'6.0(2)N2(2)',
'6.0(2)N2(3)',
'6.0(2)N2(4)',
'6.0(2)N2(5)',
'6.0(2)N2(5a)',
'6.0(2)N2(5b)',
'6.0(2)N2(6)',
'6.0(2)N2(7)',
'7.0(0)N1(1)',
'7.0(1)N1(1)',
'7.0(2)N1(1)',
'7.0(3)N1(1)',
'7.0(4)N1(1)',
'7.0(4)N1(1a)',
'7.0(5)N1(1)',
'7.0(5)N1(1a)',
'7.0(6)N1(1)',
'7.0(6)N1(2s)',
'7.0(6)N1(3s)',
'7.0(6)N1(4s)',
'7.0(7)N1(1)',
'7.0(7)N1(1a)',
'7.0(7)N1(1b)',
'7.0(8)N1(1)',
'7.0(8)N1(1a)',
'7.1(0)N1(1)',
'7.1(0)N1(1a)',
'7.1(0)N1(1b)',
'7.1(1)N1(1)',
'7.1(1)N1(1a)',
'7.1(2)N1(1)',
'7.1(2)N1(1a)',
'7.1(3)N1(1)',
'7.1(3)N1(2)',
'7.1(3)N1(2a)',
'7.1(3)N1(3)',
'7.1(3)N1(4)',
'7.1(3)N1(5)',
'7.1(4)N1(1)',
'7.1(4)N1(1a)',
'7.1(4)N1(1c)',
'7.1(4)N1(1d)',
'7.1(5)N1(1)',
'7.1(5)N1(1b)',
'7.2(0)N1(1)',
'7.2(1)N1(1)',
'7.3(0)N1(1)',
'7.3(0)N1(1a)',
'7.3(0)N1(1b)',
'7.3(1)N1(1)',
'7.3(2)N1(1)',
'7.3(2)N1(1b)',
'7.3(2)N1(1c)',
'7.3(3)N1(1)',
'7.3(4)N1(1)',
'7.3(4)N1(1a)',
'7.3(5)N1(1)',
'7.3(6)N1(1)',
'7.3(6)N1(1a)',
'7.3(7)N1(1)',
'7.3(7)N1(1a)'
);
}
if (product_info.model =~ "^60[0-9][0-9]"){
cbi = 'CSCvt67739';
version_list = make_list(
'6.0(2)N1(1)',
'6.0(2)N1(1a)',
'6.0(2)N1(2)',
'6.0(2)N1(2a)',
'6.0(2)N2(1)',
'6.0(2)N2(1b)',
'6.0(2)N2(2)',
'6.0(2)N2(3)',
'6.0(2)N2(4)',
'6.0(2)N2(5)',
'6.0(2)N2(5a)',
'6.0(2)N2(5b)',
'6.0(2)N2(6)',
'6.0(2)N2(7)',
'7.0(0)N1(1)',
'7.0(1)N1(1)',
'7.0(2)N1(1)',
'7.0(3)N1(1)',
'7.0(4)N1(1)',
'7.0(4)N1(1a)',
'7.0(5)N1(1)',
'7.0(5)N1(1a)',
'7.0(6)N1(1)',
'7.0(6)N1(2s)',
'7.0(6)N1(3s)',
'7.0(6)N1(4s)',
'7.0(7)N1(1)',
'7.0(7)N1(1a)',
'7.0(7)N1(1b)',
'7.0(8)N1(1)',
'7.0(8)N1(1a)',
'7.1(0)N1(1)',
'7.1(0)N1(1a)',
'7.1(0)N1(1b)',
'7.1(1)N1(1)',
'7.1(1)N1(1a)',
'7.1(2)N1(1)',
'7.1(2)N1(1a)',
'7.1(3)N1(1)',
'7.1(3)N1(2)',
'7.1(3)N1(2a)',
'7.1(3)N1(3)',
'7.1(3)N1(4)',
'7.1(3)N1(5)',
'7.1(4)N1(1)',
'7.1(4)N1(1a)',
'7.1(4)N1(1c)',
'7.1(4)N1(1d)',
'7.1(5)N1(1)',
'7.1(5)N1(1b)',
'7.2(0)N1(1)',
'7.2(1)N1(1)',
'7.3(0)N1(1)',
'7.3(0)N1(1a)',
'7.3(0)N1(1b)',
'7.3(1)N1(1)',
'7.3(2)N1(1)',
'7.3(2)N1(1b)',
'7.3(2)N1(1c)',
'7.3(3)N1(1)',
'7.3(4)N1(1)',
'7.3(4)N1(1a)',
'7.3(5)N1(1)',
'7.3(6)N1(1)',
'7.3(6)N1(1a)',
'7.3(7)N1(1)',
'7.3(7)N1(1a)'
);
}
if (product_info.model =~ "^70[0-9][0-9]")
{
cbi = 'CSCvt66624';
smus['7.3(6)D1(1)'] = 'CSCvt66624';
version_list = make_list(
'5.2(1)',
'5.2(3)',
'5.2(3a)',
'5.2(4)',
'5.2(5)',
'5.2(7)',
'5.2(9)',
'5.2(9a)',
'6.2(10)',
'6.2(12)',
'6.2(14)',
'6.2(14a)',
'6.2(14b)',
'6.2(16)',
'6.2(18)',
'6.2(2)',
'6.2(20)',
'6.2(20a)',
'6.2(22)',
'6.2(24)',
'6.2(2a)',
'6.2(6)',
'6.2(6a)',
'6.2(6b)',
'6.2(8)',
'6.2(8a)',
'6.2(8b)',
'7.2(0)D1(1)',
'7.2(1)D1(1)',
'7.2(2)D1(1)',
'7.2(2)D1(2)',
'7.2(2)D1(3)',
'7.2(2)D1(4)',
'7.3(0)D1(1)',
'7.3(0)DX(1)',
'7.3(1)D1(1)',
'7.3(2)D1(1)',
'7.3(2)D1(1d)',
'7.3(2)D1(2)',
'7.3(2)D1(3)',
'7.3(2)D1(3a)',
'7.3(3)D1(1)',
'7.3(4)D1(1)',
'7.3(5)D1(1)',
'7.3(6)D1(1)'
);
}
if (product_info.model =~ "^90[0-9][0-9]")
{
cbi = 'CSCun53663';
version_list = make_list(
'6.1(2)I1(2)',
'6.1(2)I1(3)',
'6.1(2)I2(1)',
'6.1(2)I2(2)',
'6.1(2)I2(2a)',
'6.1(2)I2(2b)',
'6.1(2)I2(3)',
'6.1(2)I3(1)',
'6.1(2)I3(2)',
'6.1(2)I3(3)',
'6.1(2)I3(3a)',
'7.0(3)I1(1)',
'7.0(3)I1(1a)',
'7.0(3)I1(1b)',
'7.0(3)I1(1z)'
);
}
}
if (empty_or_null(cbi)) audit(AUDIT_HOST_NOT, 'an affected model');
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();
reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'version' , product_info.version,
'bug_id' , cbi,
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list,
switch_only:TRUE,
smus:smus
);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10136
www.nessus.org/u?0f50ed05
bst.cloudapps.cisco.com/bugsearch/bug/CSCun53663
bst.cloudapps.cisco.com/bugsearch/bug/CSCvt66624
bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67738
bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67739
bst.cloudapps.cisco.com/bugsearch/bug/CSCvt67740
bst.cloudapps.cisco.com/bugsearch/bug/CSCvu03158
bst.cloudapps.cisco.com/bugsearch/bug/CSCvu10050
Related
hackerone
hackerone
cisco
cisco
Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability
2020-06-01 16:00:00
f5
f5
K44453423 : IP-in-IP Packet Processing vulnerability CVE-2020-10136
2020-07-01 00:00:00
redhatcve
redhatcve
CVE-2020-10136
2020-06-10 06:54:44
cert
cert
IP-in-IP protocol routes arbitrary traffic by default
2020-06-02 00:00:00
prion
prion
Improper access control
2020-06-02 09:15:00
nessus
nessus
Cisco NX-OS Software Unexpected IP in IP Packet Processing (CVE-2020-10136)
2023-07-25 00:00:00
cve
cve
CVE-2020-10136
2020-06-02 09:15:00
threatpost
threatpost
Severe Cisco DoS Flaw Can Cripple Nexus Switches
2020-06-02 16:16:31
Related for CISCO-SA-NXOS-IPIP-DOS-KCT9X4.NASL