Cisco NX-OS Software BGP DoS (CSCtn13055)

2013-10-16T00:00:00
ID CISCO-SN-CSCTN13055-NXOS.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-09-02T00:00:00

Description

A vulnerability in the Border Gateway Protocol (BGP) component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition by causing the BGP service to reset and resync.

The vulnerability is due to improper filtering of invalid AS Path values. An attacker could exploit this vulnerability by sending a malformed BGP update to a downstream peer of the affected device. A successful exploit could result in the downstream peers resetting the BGP connection with the affected device.

                                        
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was extracted from Cisco
# Security Notice CVE-2012-4098. The text itself is copyright
# (C) Cisco.
#

include("compat.inc");

# Registration block: when the script is loaded with `description` set, it
# only declares the metadata below and then exits (see the exit(0) at the end
# of the block), so none of the check logic further down runs in that mode.
if (description)
{
  script_id(70457);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/27");

  # Cross-references for the finding: CVE, Bugtraq ID and the Cisco bug ID
  # that also appears in the plugin name.
  script_cve_id("CVE-2012-4098");
  script_bugtraq_id(62858);
  script_xref(name:"CISCO-BUG-ID", value:"CSCtn13055");

  script_name(english:"Cisco NX-OS Software BGP DoS (CSCtn13055)");
  # The summary is accurate about scope: this is a version check, not a probe
  # of the BGP service.
  script_summary(english:"Checks the NX-OS version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the Border Gateway Protocol (BGP) component of
Cisco NX-OS Software could allow an unauthenticated, remote attacker
to create a denial of service (DoS) condition by causing the BGP
service to reset and resync.

The vulnerability is due to improper filtering of invalid AS Path
values. An attacker could exploit this vulnerability by sending a
malformed BGP update to a downstream peer of the affected device. A
successful exploit could result in the downstream peers resetting the
BGP connection with the affected device.");
  # Advisory URL recorded by the plugin author next to the shortened
  # see_also link (presumably its target; not verifiable from this file):
  # https://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4098
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?06eb3b7d");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco bug ID CSCtn13055.");
  # CVSS v2 base vector: network-reachable, low access complexity, no
  # authentication; impact is partial loss of availability only (no
  # confidentiality or integrity impact).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4098");

  # Exploit metadata as recorded in the plugin: no known public exploit.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Disclosure and patch share the same date; the plugin followed 12 days later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/16");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
  script_end_attributes();

  # Registered in the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check body reads exactly these three KB keys. cisco_nxos_version.nasl
  # is declared as a dependency and is presumably the plugin that populates
  # them (not visible from this file).
  script_dependencies("cisco_nxos_version.nasl");
  script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Device", "Host/Cisco/NX-OS/Model");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");

# Version-only check for CSCtn13055 / CVE-2012-4098.
#
# All three inputs are read from the scan knowledge base; nothing below
# contacts the BGP service or inspects the device configuration. A finding
# therefore means "NX-OS build inside the affected range on a Nexus 7000",
# not "BGP is configured and reachable" - confirm BGP is actually in use
# on the device when triaging the result.
device  = get_kb_item_or_exit("Host/Cisco/NX-OS/Device");
model   = get_kb_item_or_exit("Host/Cisco/NX-OS/Model");
version = get_kb_item_or_exit("Host/Cisco/NX-OS/Version");

# Scope: only the Nexus 7000 series is affected. The model must start with
# a four-digit number beginning with 7 that is not followed by another digit.
if (device != 'Nexus') audit(AUDIT_HOST_NOT, "affected");
if (model !~ '^7[0-9][0-9][0-9]([^0-9]|$)') audit(AUDIT_HOST_NOT, "affected");

# Affected range is [5.2(0.180)S14, 5.2(0.218)S0): the lower bound is
# inclusive, the fixed build is exclusive. Anything outside it is audited
# out here, so the code past this point handles the vulnerable case only.
if (
  cisco_gen_ver_compare(a:version, b:"5.2(0.180)S14") < 0 ||
  cisco_gen_ver_compare(a:version, b:"5.2(0.218)S0") != -1
) audit(AUDIT_HOST_NOT, "affected");

# Quiet mode: raise the finding without a detail block.
if (report_verbosity <= 0)
{
  security_warning(0);
  exit(0);
}

# Verbose mode: tell the operator which build was seen and which one
# carries the fix.
report = '\n  Model             : ' + device + ' ' + model;
report += '\n  Installed version : ' + version;
report += '\n  Fixed version     : 5.2(0.218)S0';
report += '\n';

security_warning(port:0, extra:report);
exit(0);