Cisco IOS XE IPv6 DoS

2015-04-06T00:00:00
ID CISCO-SN-CSCUB68073-IOSXE.NASL
Type nessus
Reporter Tenable
Modified 2018-11-15T00:00:00

Description

The Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability due to improper parsing of IPv6 packets. An unauthenticated, remote attacker, using crafted IPv6 packets, can exploit this to cause a device reload.

                                        
                                            #TRUSTED 84f71b596860863a749b81fa7d0d1df42427da0b81ec7015ba08ab015afffb25023481865fb53113fa4a4d1eaece47027b764b46feefa353ff5daff05b53239adc195021534fa5cd5a3dc4573d6757f2fc715b08bc2d044074f26c1eea7297b457e1bedf8a38b39cabf832e28d683c39970a1fb97a95ed860595b9153f833666b074226c5d407f6f4462452c07c317ce23aaa1bddbbb405374afef11d3db3ac65b7c616c1c5630f26025d43aeb32c534bf38abe177e24525162776b28752fe3b45b9066982fd9ffb617b38d61771b9b0e6b139a844782cce9ab6b40fc533d19e53adee2b0583069c1b9989d878573184f9cb3ad9694ee22ca36ee9f27e909d48eeb186eafc5d925434795f07c75744a909fd6ab63e97b68f4dac2246d9fca099f2500a48710e375961297dbb1ea45e6f5c1d0c8aefcc86525a133a04324c5776d3e2721a8e1fbc3e116ee457797c05db91231c370b18eb768d63394fee6ee767fbed2f45ca9f33f2d10de6c25a37388e971a12b0bbd02734ff3bff167684e762c009f5d2488b8d3ef15e539da7b9829911434b946ebc246cac8fb3f346f922755eebfa082b7e19c42e7109c0e47baee8ae1f0f742f19e0b68496ab5144a6e7c5bcb42f496991965259e14ff7bb6526b2cd4b9ec3c5a0ddc0e94c8ae62699caec5d1f790a8b8b3d512aabbc79ea7daff1cec799d0761dd9787bd101ef4fdce4b9
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82587);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  script_cve_id("CVE-2015-0641");
  script_bugtraq_id(73337);
  script_xref(name:"CISCO-BUG-ID", value:"CSCub68073");

  script_name(english:"Cisco IOS XE IPv6 DoS");
  script_summary(english:"Checks the IOS XE version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Cisco IOS XE software running on the remote device is affected by
a denial of service vulnerability due to improper parsing of IPv6
packets. An unauthenticated, remote attacker, using crafted IPv6
packets, can exploit this to cause a device reload.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe#@ID
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d4cbb5bb");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCub68073");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in the Cisco Security Advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

flag = 0;

version = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version");

# CVRF
if (version == "3.1.0S") flag++;
if (version == "3.1.1S") flag++;
if (version == "3.1.2S") flag++;
if (version == "3.1.3S") flag++;
if (version == "3.1.4S") flag++;
if (version == "3.1.5S") flag++;
if (version == "3.1.6S") flag++;
if (version == "3.2.0S") flag++;
if (version == "3.2.1S") flag++;
if (version == "3.2.2S") flag++;
if (version == "3.2.3S") flag++;
if (version == "3.3.0S") flag++;
if (version == "3.3.1S") flag++;
if (version == "3.3.2S") flag++;
if (version == "3.4.0S") flag++;
if (version == "3.4.1S") flag++;
if (version == "3.4.2S") flag++;
if (version == "3.4.3S") flag++;
if (version == "3.4.4S") flag++;
if (version == "3.4.5S") flag++;
if (version == "3.4.6S") flag++;
if (version == "3.5.0S") flag++;
if (version == "3.5.1S") flag++;
if (version == "3.5.2S") flag++;
if (version == "3.6.0S") flag++;
if (version == "3.6.1S") flag++;
if (version == "3.6.2S") flag++;
if (version == "3.7.0S") flag++;
if (version == "3.7.1S") flag++;
if (version == "3.7.2S") flag++;
if (version == "3.7.3S") flag++;
if (version == "3.7.4S") flag++;
if (version == "3.7.5S") flag++;
if (version == "3.7.6S") flag++;
if (version == "3.7.7S") flag++;
if (version == "3.8.0S") flag++;
if (version == "3.8.1S") flag++;
if (version == "3.8.2S") flag++;

# From SA (and not covered by Bug or CVRF)
if (version =~ "^2\.") flag++;

# Check NAT config
if (flag > 0)
{
  flag = 0;
  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config");
  if (check_cisco_result(buf))
  {
    if (
      (preg(multiline:TRUE, pattern:"^ipv6 address ", string:buf)) &&
      (preg(multiline:TRUE, pattern:"^ipv6 enable ", string:buf))
    ) flag = 1;
  } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
}

if (flag)
{
  if (report_verbosity > 0)
  {
    report =
    '\n  Cisco bug ID      : CSCub68073' +
    '\n  Installed release : ' + version;
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");