Lucene search
+L

Cisco IOS XR MPLS and Network Processor (NP) Chip DoS (Typhoon-based Line Cards)

🗓️ 18 Aug 2014 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 29 Views

The remote Cisco device is missing a vendor-supplied security patch related to Cisco IOS XR MPLS and Network Processor (NP) Chip DoS (Typhoon-based Line Cards)

Related
Refs
Code
ReporterTitlePublishedViews
Family
cisco
Cisco IOS XR Software MPLS Packet Denial of Service Vulnerability
15 Jul 201418:30
cisco
cve
CVE-2014-3321
18 Jul 201401:00
cve
cvelist
CVE-2014-3321
18 Jul 201401:00
cvelist
euvd
EUVD-2014-3334
7 Oct 202500:30
euvd
nvd
CVE-2014-3321
18 Jul 201400:55
nvd
prion
Design/Logic Flaw
18 Jul 201400:55
prion
#TRUSTED 669295228f48796de2386672109131a16bdd4ca29eb6cd34ca4c139a05444822e51f210ab5bf650ae0dfe78583b2622572aa275d23dc4c00cdfc3e2c67e74d55452394eebade0915d1addc130cc86aea542e268fc62b73d54d38dc4334be318b6767e7141db512d2ad2b5cb0a3c7e8a8e066ed2d62d48d92fad0a238038e3a0f8a99860431c2f64495c4891023eb14461b8208fd326b024d8ac1d2ee09a05a80665cfe9c1cbcff191c3cb8e18382faaaf936fc25955f842d3fb7c2b58d1bf78b3eb44d14ae1e842e7aa67ad74199778ef8783dc549436df4ac6b96cd43b95034618dd96083c86436c22ba55ef10c3331d7044878e3d2844caa84cada9aa4946811606eca342ef9d615fd9c254b5f87b4d70e95dd73e9ad131ae055ea4ffefe67ed4d917f48c8719c411caed2d534276cb98eb9aeff21948af5ca3e554049dfb6669c224860e3966eb84ea00ad09328c636e6a0b464b51bbd387f0bcb664f84f591a12d62cd008705312d3e93698b1bf5a48d30984b4ce1f5a2b02e300cdde2124b448a12228c5cfaf30b0e076c2d5f813a5b5b2db41b99b98b24c301a07041244b3ec48324481d3c586ca1c5a0233e9f2491cc59769892ab0fb6a2b33dfd6381c5e381b3fbac2a229bfa1ff007cedc001c934e58bd61c0147b8f5736c09299f8174b0f1f597bc567468f04f04b675502b3acbafb9f8cfc848301505365e88779
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77222);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/08");

  script_cve_id("CVE-2014-3321");
  script_bugtraq_id(68536);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuo91149");

  script_name(english:"Cisco IOS XR MPLS and Network Processor (NP) Chip DoS (Typhoon-based Line Cards)");
  script_summary(english:"Checks the IOS version.");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco device is running a version Cisco IOS XR software
that is potentially affected by a denial of service vulnerability
related the handling of maliciously crafted MPLS (Multiprotocol Label
Switching) packets routed by a bridge-group virtual interface.

Note that this issue only affects Cisco ASR 9000 series devices using
Typhoon-based line cards and MPLS.");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=34936");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=34936
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f173fd3e");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCuo91149");
  script_set_attribute(attribute:"solution", value:"Apply the relevant patch referenced in Cisco bug ID CSCuo91149.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3321");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/18");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version",  "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# This requires a very specific and non-supported
# configuration to make the device vulnerable
# which is why this is a paranoid check
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Check version
# Affected list from vendor:
# 4.3.0/1/2 and 4.3.4.MPLS
version = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");
if (version !~ "^4\.3\.[0124]($|[^0-9])")
  audit(AUDIT_INST_VER_NOT_VULN, "Cisco IOS XR", version);

# Check model
model = get_kb_item("CISCO/model");
if(model && model !~ "ciscoASR9[0-9]{3}") audit(AUDIT_HOST_NOT, "ASR 9000 series");
# First source failed, try another source
if(!model)
{
  model = get_kb_item_or_exit("Host/Cisco/IOS-XR/Model");
  if ("ASR9K" >!< model) audit(AUDIT_HOST_NOT, "ASR 9000 series");
}

# Example output from 'show mpls interfaces'
#Interface              IP         Tunnel   Operational
#Ethernet1/1/1          Yes (tdp)  No       No
#Ethernet1/1/2          Yes (tdp)  Yes      No
#Ethernet1/1/3          Yes (tdp)  Yes      Yes
#POS2/0/0               Yes (tdp)  No       No
#ATM0/0.1               Yes (tdp)  No       No          (ATM labels)
#ATM3/0.1               Yes (ldp)  No       Yes         (ATM labels)
#ATM0/0.2               Yes (tdp)  No       Yes

override = FALSE;

port = get_kb_item("Host/Cisco/IOS-XR/Port");
if(empty_or_null(port))
  port = 0;

if (get_kb_item("Host/local_checks_enabled"))
{
  flag = FALSE;

  buf = cisco_command_kb_item("Host/Cisco/Config/show_mpls_interfaces", "show mpls interfaces");
  if (check_cisco_result(buf))
  {
    # Check if we have an operational MPLS interface, audit out if we don't
    if(
      buf !~ "^Interface\s+IP\s+Tunnel\s+Operational" || # Does buf have the right header
      buf !~ "\s+Yes\s+(\(ATM labels\))?(\n|$)"          # Does buf have a line that ends in Yes or Yes (ATM labels)
    ) audit(AUDIT_HOST_NOT, "affected because no MPLS interfaces are operational.");

    # Check if we have a Typhoon card, audit out if we dont
    buf = cisco_command_kb_item("Host/Cisco/Config/show_module", "show module");
    if (check_cisco_result(buf))
    {
      if (buf =~ "\sA9K-(MOD80|MOD160|24X10GE|36X10GE|2X100GE|1X100GE)-(SE|TR)\s") flag = TRUE;
      else audit(AUDIT_HOST_NOT, "affected because it does not contain a Typhoon-based card.");
    }
    else if (cisco_needs_enable(buf)) override = TRUE;
  }
  else if (cisco_needs_enable(buf)) override = TRUE;

  if (!flag && !override) audit(AUDIT_HOST_NOT, "affected");
}

if (report_verbosity > 0)
{
  report =
    '\n  Cisco bug ID      : CSCuo91149' +
    '\n  Installed release : ' + version + 
    '\n';
  security_warning(port:port, extra:report+cisco_caveat(override));
}
else security_warning(port:port, extra:cisco_caveat(override));

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation