Cisco ASA SIP Inspection DoS (CSCuf67469)

2014-05-02T00:00:00
ID CISCO-SN-CSCUF67469-ASA.NASL
Type nessus
Reporter Tenable
Modified 2018-07-06T00:00:00

Description

The remote Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak which can be exploited to create a denial of service condition.

The vulnerability is due to improper handling of Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability via specially crafted SIP packets.

                                        
                                            #TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: executed only when `description` is set, and ended by
# exit(0) so that none of the check logic further down runs in that pass.
# Everything in here is plugin metadata (identifiers, report text, scoring,
# dependencies); no host data is read.
if (description)
{
  script_id(73827);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/06");

  # Cross-references that tie a finding back to the CVE, the Bugtraq entry
  # and the Cisco bug ID, so results can be correlated with vendor tracking.
  script_cve_id("CVE-2014-2154");
  script_bugtraq_id(67036);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuf67469");

  script_name(english:"Cisco ASA SIP Inspection DoS (CSCuf67469)");
  # The summary is accurate: the check below compares model and version and,
  # when it can, looks at the SIP inspection configuration. It never sends
  # SIP traffic to the device.
  script_summary(english:"Checks ASA version");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco Adaptive Security Appliance (ASA) Software contains a
vulnerability that could allow an unauthenticated, remote attacker to
cause a memory leak which can be exploited to create a denial of
service condition.

The vulnerability is due to improper handling of Session Initiation
Protocol (SIP) packets. An attacker could exploit this vulnerability
via specially crafted SIP packets.");
  # http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2154
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?729c7b90");

  # Two remediation paths are offered: the vendor fix, or turning SIP
  # inspection off. The check logic below mirrors the second one by looking
  # for an active "Inspect: sip" policy when it can read the configuration.
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Bug Id CSCuf67469.

Alternatively, the vendor has provided a workaround that involves
disabling SIP inspection on the affected device.");
  # CVSS v2 base vector: network reachable (AV:N), low complexity (AC:L), no
  # authentication (Au:N), availability-only impact (C:N/I:N/A:P).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSS v2 temporal vector: exploit unproven (E:U), official fix available
  # (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/02");

  # Declared as a "local" plugin for the ASA software CPE.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:adaptive_security_appliance_software");

  script_end_attributes();

  # Information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  # Both KB keys are required for the plugin to be scheduled.
  # presumably they are populated by ssh_get_info.nasl - confirm
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Cisco/ASA", "Host/Cisco/ASA/model");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

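# Detection logic for CSCuf67469. It decides from the ASA model, the software
# version and (when readable) the SIP inspection configuration whether to
# report the host. No SIP traffic is generated.

# Both KB reads end the plugin if the key is absent.
asa = get_kb_item_or_exit('Host/Cisco/ASA');
model = get_kb_item_or_exit('Host/Cisco/ASA/model');
version = extract_asa_version(asa);
if (isnull(version)) audit(AUDIT_FN_FAIL, 'extract_asa_version');

# Cisco ASA 5500-X Next Generation Firewall: any other model is audited out
# before the version is considered.
if (model !~ '^55[0-9][0-9]-?X') audit(AUDIT_HOST_NOT, 'ASA 5500-X');

# Every flag that is read later is initialised here so that no path depends
# on an unset variable (the original left local_check and override unset
# unless their condition fired).
#   temp_flag   - non-zero while the host is still considered affected
#   local_check - credentialed (local) checks are enabled for this host
#   override    - the configuration could not be read; handed to
#                 cisco_caveat() when the report is built
temp_flag = 0;
local_check = 0;
override = 0;
if (get_kb_item("Host/local_checks_enabled")) local_check = 1;

# Version gate: only these two releases are flagged.
if (
  cisco_gen_ver_compare(a:version, b:"8.4(5)") == 0 ||
  cisco_gen_ver_compare(a:version, b:"8.4(5.6)") == 0
)
{
  temp_flag = 1;
}

# Configuration gate: with local checks available, a version match is only
# kept if SIP inspection is actually configured.
# Without local checks this block is skipped, so the finding rests on model
# and version alone and the SIP inspection state is not verified.
if (local_check && temp_flag)
{
  # Start from "not affected" and re-raise the flag only on evidence.
  temp_flag = 0;
  buf = cisco_command_kb_item(
    "Host/Cisco/Config/show_service-policy-include-sip",
    "show service-policy | include sip"
  );
  if (check_cisco_result(buf))
  {
    if (preg(multiline:TRUE, icase:TRUE, pattern:"Inspect: sip", string:buf))
      temp_flag = 1;
  }
  else if (cisco_needs_enable(buf))
  {
    # The command output was not usable because enable privileges are
    # needed: keep the version-based finding and mark it as unverified.
    temp_flag = 1;
    override = 1;
  }
  # NOTE(review): if the command fails for any other reason, temp_flag stays
  # 0 and a host on a flagged version is audited as not affected.
}

if (temp_flag)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 8.4(6.1) / 8.4(6.99) / 8.4(7)' +
      '\n';
    security_warning(port:0, extra:report + cisco_caveat(override));
  }
  else security_warning(0);
}
else audit(AUDIT_HOST_NOT, "affected");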