CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
78.3%
The remote Cisco device contains a flaw in the Hot Standby Router Protocol (HSRP) authentication. A remote attacker, using a specially crafted HSRP packet, can bypass HSRP authentication and configure HSRP group members to the SPEAK state, causing a denial of service.
#TRUSTED 2e6b9598909253e0556c7ca31ca0841dfa32a310fdb03f4a56f54819dcded58f8be7cf0504ad38f9707af7f27c6d2ac29cf510334a6526adf9b6fd3296475cec9a0815176914d0fd06bb13bc824d08ffa53c7ccd250688638342e1fdc2e2e365de2abc10f3d740a2d0e674be1fbe42315247227f3c235f217b79b4078e1169ba6b6e6cddfb71f96525bbc0289467efd761bdc6500521f6d2eee432f352ded58f1b36ce9846c5b86d83242faf3796db4f498db7c993a8cfaf69aa5854d7cbae7c811b4c761b248e896fd81df09f0fd01b78585f28f600e0169537b19ce05871e255794e49b0a47afe8a9724f6410fd8b0ca18710b0f42e5d4d668cda6d44862aaaf8245ffa80985118790d4cff807747ee6657e19171c75683ef4c45c9bfa392d45e68ecda13cc6ae82f0979b15447da2d8d6576d34d59994389e1db9cc96d2f711933985fb2a0620870ad6c91e8cef429fe237d27931e3790f3d772f75bc48562070b568d3af320f2bf81ee39ecc1c1c3a6ca7ac7ec80a325ca2c41ac675e48446215ec2bcd9a7d6bf0578a2d6a318f5db0009e2a49baccc5cb6ef1b2cf1fd288152c27e40f4a677ad00e7629450e67f455bc4023396e76d8145877e24425934dd87c27bdd34815b3e65017a5376f22a1616b3d882fb32cd0155ae6f0fa22f934391c674fdb6a78342cc3924089683863b1b5a098da0526fbe3ff7958e11ab6e
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration pass: when the engine sets `description`, the plugin only
# publishes its metadata and then exits, before any detection logic runs.
if (description)
{
  # --- Identity and cross-references -------------------------------------
  script_id(83904);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id("CVE-2014-3295");
  script_bugtraq_id(67983);
  script_xref(name:"CISCO-BUG-ID", value:"CSCup11309");

  script_name(english:"Cisco NX-OS HSRP DoS (CSCup11309)");
  script_summary(english:"Checks the NX-OS version.");

  # --- Finding text shown to the analyst ---------------------------------
  # The string literals below span several source lines; their continuation
  # lines stay at column 0 so the reported text is unchanged.
  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco device contains a flaw in the Hot Standby Router
Protocol (HSRP) authentication. A remote attacker, using a specially
crafted HSRP packet, can bypass HSRP authentication and configure HSRP
group members to the SPEAK state, causing a denial of service.");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=34585");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCup11309");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version, 6.2(10) or later, as referenced
in Cisco bug ID CSCup11309.");

  # --- Risk scoring ------------------------------------------------------
  # Base vector: adjacent-network access (AV:A), no authentication (Au:N),
  # partial integrity and availability impact, no confidentiality impact.
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P");
  # Temporal vector: exploit unproven (E:U), official fix available (RL:OF),
  # report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # --- Timeline and classification ---------------------------------------
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/30");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # --- Scheduling prerequisites ------------------------------------------
  # Declares a dependency on cisco_nxos_version.nasl and requires the NX-OS
  # version, device and model KB entries plus enabled local checks.
  script_dependencies("cisco_nxos_version.nasl");
  script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Device", "Host/Cisco/NX-OS/Model", "Host/local_checks_enabled");

  exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
# Detection logic for CSCup11309.
#
# The check reads the scanner's knowledge base and the output of `show hsrp`;
# nothing in this block sends HSRP traffic to the target. A host is reported
# when all of the following hold:
#   1. it is a Nexus 7xxx model,
#   2. its NX-OS release is older than 6.2(10),
#   3. `show hsrp` output mentions HSRP, or the command could not be read
#      because it needs enable-level access.
device  = get_kb_item_or_exit("Host/Cisco/NX-OS/Device");
model   = get_kb_item_or_exit("Host/Cisco/NX-OS/Model");
version = get_kb_item_or_exit("Host/Cisco/NX-OS/Version");

# Per the vendor note, only the Nexus 7000 series is affected. audit() is
# relied on to end the run here, exactly as the original guard did.
if (!(device == 'Nexus' && model =~ "^7[0-9][0-9][0-9]([^0-9]|$)"))
  audit(AUDIT_DEVICE_NOT_VULN, device + ' ' + model);

# Release gate: any 0.x-5.x train, 6.0/6.1, or 6.2(0)-6.2(9). The trailing
# ([^0-9]|$) stops 6.2(1 from matching the fixed 6.2(10) and later builds.
old_release = 0;
if (version =~ "^[0-5]([^0-9]|$)") old_release = 1;
else if (version =~ "^6\.[0-1]([^0-9]|$)") old_release = 1;
else if (version =~ "^6\.2\([0-9]([^0-9]|$)") old_release = 1;

hsrp_exposed = 0;   # 1 once the finding should be reported
caveat_flag  = 0;   # 1 when the HSRP state could not actually be verified

if (old_release)
{
  # Configuration gate: is HSRP in use on this device?
  if (get_kb_item_or_exit("Host/local_checks_enabled"))
  {
    hsrp_output = cisco_command_kb_item("Host/Cisco/Config/show_hsrp", "show hsrp");

    if (check_cisco_result(hsrp_output))
    {
      # NOTE(review): this only looks for the substring 'HSRP'; it does not
      # inspect whether HSRP authentication is configured on any group.
      # Confirm against the advisory whether that distinction affects exposure.
      if ('HSRP' >< hsrp_output) hsrp_exposed = 1;
    }
    else if (cisco_needs_enable(hsrp_output))
    {
      # Output unavailable without enable: report anyway, and pass the flag to
      # cisco_caveat() so the finding is marked as unverified (presumably a
      # caveat paragraph; confirm in cisco_func.inc).
      hsrp_exposed = 1;
      caveat_flag  = 1;
    }
    # NOTE(review): output that fails check_cisco_result() without needing
    # enable falls through as "not vulnerable"; verify this cannot hide a
    # failed command on an affected device.
  }
}

if (!hsrp_exposed)
  audit(AUDIT_DEVICE_NOT_VULN, device + ' ' + model, version);

# Build the finding text; the bug ID / release lines are added only when
# report verbosity is above zero.
extra = cisco_caveat(caveat_flag);
if (report_verbosity > 0)
{
  report =
    '\n Cisco bug ID : CSCup11309' +
    '\n Installed release : ' + version +
    '\n';
  extra = report + extra;
}

security_warning(port:0, extra:extra);
exit(0);