Lucene search
K

Cisco ASA Cavium SDK TLS Incorrect Padding Acceptance Plaintext Disclosure (CSCuu93339)

🗓️ 01 Jun 2016 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 16 Views

Cisco ASA Cavium SDK TLS Incorrect Padding Acceptance Plaintext Disclosure vulnerability affecting Cisco Adaptive Security Applianc

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus
Cisco ACE 4710 Appliance / ACE30 Module Multiple Vulnerabilities (Logjam)
1 Jun 201600:00
nessus
#TRUSTED 03e3bbd9312ea760804cba54e1698da43c67a52680b2cc498d0faee9f654f750878f07e204e654f024659ffa3e44322b5bf41accffbab9d9434266d995b7583f2d861f430b87d5afcef63415f4e3453d416d09804995660cfb304a559f6afbef68fc52201790732d823dd5b1053b39c3a2ee8de7b5cba8e824781d194058f3707b8dace00bf056bc68aece13556cd26a90e2408ca0e64dfcb7f2d6c5d4566fb3e97c96715df88138b637fb4ed8aa6551b3b015d578f4d37f0002b759d496ef45e3878a59d5a2d8664d28dab1c944af488b68cba210ca5bd9061f1141c0941938cec4e1c7cc6cba7985c44ce4b757f2c3de877c66872be1a0353396533d82354a0a26b665b51d2af7b9c1fec9affdf1abe823695094b0a871f614408578a5aca4eebd10eb4f23b06153d558a57e3b1e2b965a9d68e3b3abf04907037a76abe0979b316a6ac7173db4001e64857c135eb45870a31c01ce57929118d7556fec5bc9e5f66ebba5c7bb224c080fb57f58278c58f998ef4b6b6a009fe67a6cb38fdffda419c177bb36b3425d62e040729754a1654a354d8cef48af31f9f08ba189ee4d27760af5f6a70371236af617260628c4ccf24ea282f91785d1ffed0fc14c17293190ebf34dc5be7bbee31cf4372c20fe4b208a56ca49a78a1ee8f1d8b1fb21c88166155f95fdbc3c30cfa0b58969586d0474761392b7bdcca71d7d2541028217
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(91426);
  script_version("1.6");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2015-4595");
  script_xref(name:"CISCO-BUG-ID", value:"CSCuu93339");

  script_name(english:"Cisco ASA Cavium SDK TLS Incorrect Padding Acceptance Plaintext Disclosure (CSCuu93339)");
  script_summary(english:"Checks the ASA version, model, and configuration.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by an information disclosure
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco Adaptive Security Appliance (ASA) is missing a
vendor-supplied security patch. It is, therefore, affected by a flaw
in the TLS 1.x implementation in the Cavium SDK due to a failure to
check the first byte of the padding bytes. A man-in-the-middle
attacker can exploit this, by sending specially crafted requests to
the server, to induce requests that allow determining the plaintext
chunks of data. This vulnerability is a variant of the POODLE attack.");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCuu93339");
  # https://vivaldi.net/en-US/userblogs/entry/there-are-more-poodles-in-the-forest
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f38496c");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in bug ID CSCuu93339, or contact
the vendor.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:adaptive_security_appliance_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Cisco/ASA", "Host/Cisco/ASA/model");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

asa = get_kb_item_or_exit('Host/Cisco/ASA');
model = get_kb_item_or_exit('Host/Cisco/ASA/model');

ver = extract_asa_version(asa);
if (isnull(ver)) audit(AUDIT_FN_FAIL, 'extract_asa_version');

if (model != "5506-X" && model != "5508-X" && model != "5516-X")
  audit(AUDIT_HOST_NOT, 'a Cisco ASA 5506-X / 5508-X / 5516-X');

fix = NULL;
flag = 0;
override = 0;
cbi = "CSCuu93339";

# 9.3 <= 9.3(3.2)
if (
  ver =~ "^9\.3\([0-2](\.[0-9]+)?\)$" ||
  ver =~ "^9\.3\(3(\.[0-2])?\)$"
)
  fix = "Upgrade to 9.4(2) or later or refer to the vendor.";
# 9.4
else if (ver =~ "^9\.4\([01][^0-9]" && check_asa_release(version:ver, patched:"9.4(1.4)"))
  fix = "9.4(1.4) / 9.4(2)";
# 9.5
else if (ver =~ "^9\.5[^0-9]" && check_asa_release(version:ver, patched:"9.5(1)"))
  fix = "9.5(1)";

if (isnull(fix))
  audit(AUDIT_INST_VER_NOT_VULN, "Cisco ASA", ver);

if (get_kb_item("Host/local_checks_enabled"))
{
  # Check for the workaround
  buf = cisco_command_kb_item("Host/Cisco/Config/show_run_all_ssl", "show run all ssl");
  if (check_cisco_result(buf))
  {
    if (preg(multiline:TRUE, pattern:"^ssl server-version tlsv1", string:buf)) flag++;
    if (preg(multiline:TRUE, pattern:"^ssl client-version tlsv1-only", string:buf)) flag++;
  }
  else if (cisco_needs_enable(buf)) {flag = 1; override = 1;}
}

if (flag)
{
  if (report_verbosity > 0)
  {
    report +=
      '\n  Cisco bug ID      : ' + cbi +
      '\n  Installed release : ' + ver +
      '\n  Fixed release     : ' + fix +
      '\n';
    security_note(port:0, extra:report+cisco_caveat(override));
  }
  else security_note(port:0, extra:cisco_caveat(override));
}
else audit(AUDIT_HOST_NOT, "affected");

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Nov 2019 00:00Current
7.5High risk
Vulners AI Score7.5
16