Cisco IOS XE Software SSH DoS (cisco-sa-ssh-excpt-dos-FzOBQTnk)

#TRUSTED 0e5aacc18979ef5641707796f3c062d6a3683dcf0fe61b130242f96b6e1b808c6b630b97fcc76349448bef8c5f400e3634217161d5952024e00fdc138876c2361520a838f2eaa8ea4d1898b847b0a0a45f9313f6b8d1e79dcf98d1e25f23e1f6c9f8254bfc46b5c8159bc0edea4dc98c47475f011f4ec79c380182739f1bec1c6a87085a15186e1e247333e9d9035fe927e0d5d8b270061b14ad3a90692f8bbfac355cdb9ec358481d551ae83fa463fde574df94742e79d339d38227890e449b72d0685b0cc21c030c3ab4a1e7f386b5803fedac5788bb8b0786a9469f78933600d6c30471364935d4af5748be14ae68940199754a1c1ed88a8929797496ef13c366d8fb23829c93c47592cf857e205acd001d78200e7393d6e4873ff3e619173a526f8070a72051bb4ef0538dc42be23eb263295739f393c5f14915692b8fc0e826a5b5f6745d7daed64a996cce5872910280a35fcf19b6e04dcf9125ccb8466d4cfcd1061dfd259482b9b54f2d3fe8edd2783ce261e9cafcb61ff81650559f5c5b415d76c3de76ecfcc7bb244c9490c49b5af6b5942abf9ea34145bcec86ae5016ac0ac29aac8b6d3dfdf4450c28a6bb04c320769a06f58318177912ff6b50c786bac73801cf5619992dacf721483063aef38b383b81a508e94bc9c1b670a06848c56b050de5e4ad1752e75277fdbc416b5bdd64231b7ee842ccd3c7d989f9
#TRUST-RSA-SHA256 7bda7cc0eb5762d9f6e7340e2382179a3f2a917c79824cbc44ff30e94fb5e71a54a7cc13456204bf56a7e3969c2892321204b3cdd3bb9cf744a798197afbf8c5d2d6885160257a0f0c2a22ee6a07f2efc4ea15e0c94db3d7c52d00cae7a5bf9d7f861f17edb68c41f1743739292f8ebccb5ae1412c69f27bf5bc103fdbad34c0847ac4ec543a6bd5f6bb12a552fa905696b70c52b3bf32fbaab6e636493fdb40685e0ee93eb0220052cf59a1e157e8ef746e9c66b3468c13ddfda988cc581938a0f16816824f7ae66102b8e58f5942405e3b6bae80e6cbb28a87370f65194d3a1de5244372d31fa99e01646f55fa0362ad24af7e094e0797bc1d1dc5aa664473c4c76f7bcefd5c3aa6d496ab00d57b4780dec002cc7026aecdbc9eaebd28c0342e3c30748cafa26c3e3b0e072ecbd9447fdc6108992ce38e077bf60bafb14b7b027b44f8f6a761a1135e0ecfbe3577f816028ba377f41bec47a37afdda26005a555bfc31a57b5554e31f5966397ae117e1e31bcdc146be931dd6bc255dd2535de1d7be2cc0a19845962bf33eb87526f495f7f86b30293e9f282b374f5e96a1a33016954f05609979b451cb03390991f9f38082c6e6a1de4a77cbf3d0c2db1a33ea7f7517f80acaad60ae8324f2eed558813bd5b7d069de61dbdbe1a2afa217580c9d6dd6da6b3496a6314f63389c90641f40d94a79eb4e9017822f0e0875a57d
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(165675);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");

  script_cve_id("CVE-2022-20920");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvx63027");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ssh-excpt-dos-FzOBQTnk");

  script_name(english:"Cisco IOS XE Software SSH DoS (cisco-sa-ssh-excpt-dos-FzOBQTnk)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS Software and Cisco IOS XE Software is affected by denial of service
vulnerability. An authenticated, remote attacker can exploit this, by continuously connecting to an affected device and 
sending specific SSH requests to cause an affected device to reload.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8ebb8198");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74745");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx63027");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvx63027");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20920");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/09/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/05");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

var version_list=make_list(
  '3.2.0SE',
  '3.2.1SE',
  '3.2.2SE',
  '3.2.3SE',
  '3.3.0SE',
  '3.3.0SG',
  '3.3.0XO',
  '3.3.1SE',
  '3.3.1SG',
  '3.3.1XO',
  '3.3.2SE',
  '3.3.2SG',
  '3.3.2XO',
  '3.3.3SE',
  '3.3.4SE',
  '3.3.5SE',
  '3.4.0SG',
  '3.4.1SG',
  '3.4.2SG',
  '3.4.3SG',
  '3.4.4SG',
  '3.4.5SG',
  '3.4.6SG',
  '3.4.7SG',
  '3.4.8SG',
  '3.5.0E',
  '3.5.1E',
  '3.5.2E',
  '3.5.3E',
  '3.6.0E',
  '3.6.0aE',
  '3.6.0bE',
  '3.6.1E',
  '3.6.2E',
  '3.6.2aE',
  '3.6.3E',
  '3.6.4E',
  '3.6.5E',
  '3.6.5aE',
  '3.6.5bE',
  '3.6.6E',
  '3.6.7E',
  '3.6.7aE',
  '3.6.7bE',
  '3.6.8E',
  '3.6.9E',
  '3.6.9aE',
  '3.6.10E',
  '3.7.0E',
  '3.7.0S',
  '3.7.0bS',
  '3.7.0xaS',
  '3.7.0xbS',
  '3.7.1E',
  '3.7.1S',
  '3.7.1aS',
  '3.7.2E',
  '3.7.2S',
  '3.7.2tS',
  '3.7.3E',
  '3.7.3S',
  '3.7.4E',
  '3.7.4S',
  '3.7.4aS',
  '3.7.5E',
  '3.7.5S',
  '3.7.6S',
  '3.7.7S',
  '3.7.8S',
  '3.8.0E',
  '3.8.0S',
  '3.8.1E',
  '3.8.1S',
  '3.8.2E',
  '3.8.2S',
  '3.8.3E',
  '3.8.4E',
  '3.8.5E',
  '3.8.5aE',
  '3.8.6E',
  '3.8.7E',
  '3.8.8E',
  '3.8.9E',
  '3.8.10E',
  '3.8.10cE',
  '3.9.0E',
  '3.9.0S',
  '3.9.0aS',
  '3.9.0xaS',
  '3.9.1E',
  '3.9.1S',
  '3.9.1aS',
  '3.9.2E',
  '3.9.2S',
  '3.9.2bE',
  '3.10.0E',
  '3.10.0S',
  '3.10.0cE',
  '3.10.1E',
  '3.10.1S',
  '3.10.1aE',
  '3.10.1sE',
  '3.10.1xbS',
  '3.10.1xcS',
  '3.10.2E',
  '3.10.2S',
  '3.10.2aS',
  '3.10.2tS',
  '3.10.3E',
  '3.10.3S',
  '3.10.4S',
  '3.10.5S',
  '3.10.6S',
  '3.10.7S',
  '3.10.8S',
  '3.10.8aS',
  '3.10.9S',
  '3.10.10S',
  '3.11.0E',
  '3.11.0S',
  '3.11.1E',
  '3.11.1S',
  '3.11.1aE',
  '3.11.2E',
  '3.11.2S',
  '3.11.2aE',
  '3.11.3E',
  '3.11.3S',
  '3.11.3aE',
  '3.11.4E',
  '3.11.4S',
  '3.11.5E',
  '3.11.6E',
  '3.12.0S',
  '3.12.0aS',
  '3.12.1S',
  '3.12.2S',
  '3.12.3S',
  '3.12.4S',
  '3.13.0S',
  '3.13.0aS',
  '3.13.1S',
  '3.13.2S',
  '3.13.2aS',
  '3.13.3S',
  '3.13.4S',
  '3.13.5S',
  '3.13.5aS',
  '3.13.6S',
  '3.13.6aS',
  '3.13.6bS',
  '3.13.7S',
  '3.13.7aS',
  '3.13.8S',
  '3.13.9S',
  '3.13.10S',
  '3.14.0S',
  '3.14.1S',
  '3.14.2S',
  '3.14.3S',
  '3.14.4S',
  '3.15.0S',
  '3.15.1S',
  '3.15.1cS',
  '3.15.1xbS',
  '3.15.2S',
  '3.15.2xbS',
  '3.15.3S',
  '3.15.4S',
  '3.16.0S',
  '3.16.0aS',
  '3.16.0bS',
  '3.16.0cS',
  '3.16.1S',
  '3.16.1aS',
  '3.16.2S',
  '3.16.2aS',
  '3.16.2bS',
  '3.16.3S',
  '3.16.3aS',
  '3.16.4S',
  '3.16.4aS',
  '3.16.4bS',
  '3.16.4cS',
  '3.16.4dS',
  '3.16.4eS',
  '3.16.4gS',
  '3.16.5S',
  '3.16.5aS',
  '3.16.5bS',
  '3.16.6S',
  '3.16.6bS',
  '3.16.7S',
  '3.16.7aS',
  '3.16.7bS',
  '3.16.8S',
  '3.16.9S',
  '3.16.10S',
  '3.16.10aS',
  '3.16.10bS',
  '3.17.0S',
  '3.17.1S',
  '3.17.1aS',
  '3.17.2S',
  '3.17.3S',
  '3.17.4S',
  '3.18.0S',
  '3.18.0SP',
  '3.18.0aS',
  '3.18.1S',
  '3.18.1SP',
  '3.18.1aSP',
  '3.18.1bSP',
  '3.18.1cSP',
  '3.18.1gSP',
  '3.18.1hSP',
  '3.18.1iSP',
  '3.18.2S',
  '3.18.2SP',
  '3.18.2aSP',
  '3.18.3S',
  '3.18.3SP',
  '3.18.3aSP',
  '3.18.3bSP',
  '3.18.4S',
  '3.18.4SP',
  '3.18.5SP',
  '3.18.6SP',
  '3.18.7SP',
  '3.18.8SP',
  '3.18.8aSP',
  '3.18.9SP',
  '16.1.1',
  '16.1.2',
  '16.1.3',
  '16.2.1',
  '16.2.2',
  '16.3.1',
  '16.3.1a',
  '16.3.2',
  '16.3.3',
  '16.3.4',
  '16.3.5',
  '16.3.5b',
  '16.3.6',
  '16.3.7',
  '16.3.8',
  '16.3.9',
  '16.3.10',
  '16.3.11',
  '16.4.1',
  '16.4.2',
  '16.4.3',
  '16.5.1',
  '16.5.1a',
  '16.5.1b',
  '16.5.2',
  '16.5.3',
  '16.6.1',
  '16.6.2',
  '16.6.3',
  '16.6.4',
  '16.6.4a',
  '16.6.4s',
  '16.6.5',
  '16.6.5a',
  '16.6.5b',
  '16.6.6',
  '16.6.7',
  '16.6.7a',
  '16.6.8',
  '16.6.9',
  '16.6.10',
  '16.7.1',
  '16.7.1a',
  '16.7.1b',
  '16.7.2',
  '16.7.3',
  '16.7.4',
  '16.8.1',
  '16.8.1a',
  '16.8.1b',
  '16.8.1c',
  '16.8.1d',
  '16.8.1e',
  '16.8.1s',
  '16.8.2',
  '16.8.3',
  '16.9.1',
  '16.9.1a',
  '16.9.1b',
  '16.9.1c',
  '16.9.1d',
  '16.9.1s',
  '16.9.2',
  '16.9.2a',
  '16.9.2s',
  '16.9.3',
  '16.9.3a',
  '16.9.3h',
  '16.9.3s',
  '16.9.4',
  '16.9.4c',
  '16.9.5',
  '16.9.5f',
  '16.9.6',
  '16.9.7',
  '16.9.8',
  '16.10.1',
  '16.10.1a',
  '16.10.1b',
  '16.10.1c',
  '16.10.1d',
  '16.10.1e',
  '16.10.1f',
  '16.10.1g',
  '16.10.1s',
  '16.10.2',
  '16.10.3',
  '16.11.1',
  '16.11.1a',
  '16.11.1b',
  '16.11.1c',
  '16.11.1s',
  '16.11.2',
  '16.12.1',
  '16.12.1a',
  '16.12.1c',
  '16.12.1s',
  '16.12.1t',
  '16.12.1w',
  '16.12.1x',
  '16.12.1y',
  '16.12.1z',
  '16.12.1z1',
  '16.12.1z2',
  '16.12.2',
  '16.12.2a',
  '16.12.2s',
  '16.12.2t',
  '16.12.3',
  '16.12.3a',
  '16.12.3s',
  '16.12.4',
  '16.12.4a',
  '16.12.5',
  '16.12.5a',
  '16.12.5b',
  '17.1.1',
  '17.1.1a',
  '17.1.1s',
  '17.1.1t',
  '17.1.2',
  '17.1.3',
  '17.2.1',
  '17.2.1a',
  '17.2.1r',
  '17.2.1v',
  '17.2.2',
  '17.2.3',
  '17.3.1',
  '17.3.1a',
  '17.3.1w',
  '17.3.1x',
  '17.3.1z',
  '17.3.2',
  '17.3.2a',
  '17.3.3',
  '17.3.3a',
  '17.3.4',
  '17.3.4a',
  '17.3.4b',
  '17.3.4c',
  '17.3.5',
  '17.3.5a',
  '17.4.1',
  '17.4.1a',
  '17.4.1b',
  '17.4.1c',
  '17.4.2',
  '17.4.2a',
  '17.5.1',
  '17.5.1a'
);

var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = WORKAROUND_CONFIG['ios_ssh_enabled'];

var reporting = make_array(
  'port'    , product_info['port'],
  'severity', SECURITY_WARNING,
  'version' , product_info['version'],
  'cmds'    , make_list('show ip ssh'),
  'bug_id'  , 'CSCvx63027'
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);