CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
78.7%
The remote Cisco device is running a version of Cisco IOS XR software that is potentially affected by a denial of service vulnerability related to Netflow and the handling of malformed IPv4/IPv6 packets.
Note that this issue only affects Cisco ASR 9000 series devices using Typhoon-based line cards and Netflow.
#TRUSTED 4790d683545b0e84aba4d4b8e4ba0cff8319ba833a75017f07cf80dbf472195b0c23bd6923d94f2db4c57b67e6208b7628d4973e78555830b19dd9601c3a4abd22933b53d9c7b2b718435bbf931ab79aaef202498922c9e592055a64b340999df6b120a28a961c5867d9c4d8774dd335caf5ee11cde9be2cc406b1961eff509798ad23fc73ec993bf3603f5a9a9f1183f875aeec5cc3a343419be745ebdf1f756ef35a365f8a600d3911610fde15b364d7580f099beb488dbaa9994464a6eab6450bd5522f3f00d4465275327c9ccc78e8821c87e92d2be002549e1c29b4fa363c172b51cf72b9298c1b3e382bdce5d0237fe3cf74664be01138e185e38c5e0e5026a924f11d64e05546268b67c2d32a6bce211196ac50a195c2a74faab7b155ccaec494bbd3a98fff2ecb26e82b6e17bec9c9f23c20f42f5f7fcb7f191b9dbfa2e141b215180db52ede5039b55fa64b0f25a59b6511b9295123fc076079c29ca54c3dbc52cdc88d4e95746cedbd418c1be9a102bd8ecf329044cd9f0f7ea6c3a3dd25531d1fa7d7ee5a06d9d22107194f5843cef2053f2e615abd07016849d0ab62072d763c73c6eca6ac4d2197f316c147c304f9c9860669ca998c48960ac65ec3c462c9c58059f6d501b78cae0e28dca4a3f07cfee3643071d4ff276327a5cba7189d3de6bf17c3917e33316bc2f484bbb800f2659656448fce7ef405e746
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
  # Registration pass: declare the plugin's metadata and prerequisites,
  # then exit before any detection logic runs.

  # --- Identity and cross-references ---
  script_id(76881);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/08");

  script_cve_id("CVE-2014-3322");
  script_bugtraq_id(68833);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuo68417");

  # --- Human-readable text shown in scan results ---
  script_name(english:"Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS");
  script_summary(english:"Checks IOS version");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco device is running a version Cisco IOS XR software
that is potentially affected by a denial of service vulnerability
related to Netflow and handling malformed IPv4/IPv6 packets.
Note this issue only affects Cisco ASR 9000 series devices using
Typhoon-based line cards and Netflow.");

  # --- Vendor references ---
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=35009");
  # Shortened link; presumably resolves to
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=35009
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc217107");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCuo68417");

  # --- Remediation: patch, or remove the Netflow precondition ---
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Bug ID CSCuo68417.
Alternatively, disable Netflow as a workaround.");

  # --- Risk scoring ---
  # Base vector: adjacent-network attacker, low complexity, no
  # authentication, availability impact only (complete).
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  # Temporal vector: exploit unproven, official fix available, report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3322");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # --- Timeline ---
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/29");

  # --- Classification ---
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  # --- Prerequisites ---
  # The plugin depends on cisco_ios_xr_version.nasl and requires the
  # IOS XR version KB item to be present.
  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version");

  exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
# Platform gate: only ASR 9000 series devices are in scope.
# The "CISCO/model" KB item is used when it is set; otherwise the
# IOS XR model KB item is mandatory and the plugin exits without it.
model = get_kb_item("CISCO/model");
if (!model)
{
  model = get_kb_item_or_exit("Host/Cisco/IOS-XR/Model");
  if ("ASR9K" >!< model) audit(AUDIT_HOST_NOT, "ASR 9000 series");
}
else
{
  if (model !~ "ciscoASR9[0-9]{3}") audit(AUDIT_HOST_NOT, "ASR 9000 series");
}

# Release gate. Affected per vendor:
#   4.3.0, 4.3.1, 4.3.2
#   4.3.4.BASE
# The pattern accepts 4.3.0/1/2/4 followed by end-of-string or any
# non-digit, so a 4.3.4 build other than BASE also passes this gate.
version = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");
if (version !~ "^4\.3\.[0124]($|[^0-9])") audit(AUDIT_HOST_NOT, "affected");
# override is set when a configuration command could not be evaluated
# because enable is needed; it is later passed to cisco_caveat().
override = FALSE;

# Reporting port; defaults to 0 when the KB holds no port.
port = get_kb_item("Host/Cisco/IOS-XR/Port");
if (empty_or_null(port))
  port = 0;

# Configuration checks run only when local checks are enabled. Without
# them the finding rests on the model and release gates alone.
if (get_kb_item("Host/local_checks_enabled"))
{
  flag = FALSE;

  # Line card product IDs treated as Typhoon-based by this plugin.
  typhoon_pids = make_list(
    "A9K-MOD80-SE",
    "A9K-MOD80-TR",
    "A9K-MOD160-SE",
    "A9K-MOD160-TR",
    "A9K-24X10GE-SE",
    "A9K-24X10GE-TR",
    "A9K-36X10GE-SE",
    "A9K-36X10GE-TR",
    "A9K-2X100GE-SE",
    "A9K-2X100GE-TR",
    "A9K-1X100GE-SE",
    "A9K-1X100GE-TR"
  );

  # Step 1: Netflow. When enabled, the running config contains a line
  # similar to "flow exporter-map {map-name}"; otherwise no flow entry
  # is displayed.
  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config");
  if (!check_cisco_result(buf))
  {
    if (cisco_needs_enable(buf)) override = TRUE;
  }
  else
  {
    if ("flow exporter-map " >!< buf) audit(AUDIT_HOST_NOT, "affected because Netflow is not enabled");
    else flag = TRUE;

    # Step 2: Typhoon-based line card(s) in the module inventory.
    # NOTE(review): flag is already TRUE from the Netflow match, so when
    # the "show module" output fails check_cisco_result() without needing
    # enable, the host is still reported and no caveat is attached -
    # confirm this is intended.
    buf = cisco_command_kb_item("Host/Cisco/Config/show_module", "show module");
    if (!check_cisco_result(buf))
    {
      if (cisco_needs_enable(buf)) override = TRUE;
    }
    else
    {
      typhoon_found = FALSE;
      foreach pid_str (typhoon_pids)
      {
        if (pid_str >< buf)
        {
          typhoon_found = TRUE;
          break;
        }
      }

      if (typhoon_found) flag = TRUE;
      else audit(AUDIT_HOST_NOT, "affected because it does not contain a Typhoon-based card.");
    }
  }

  # Nothing confirmed and nothing blocked by missing privileges.
  if (!flag && !override) audit(AUDIT_HOST_NOT, "affected");
}
# Emit the finding. With verbosity above 0 the bug ID and installed
# release precede the caveat text; otherwise only the output of
# cisco_caveat(override) is attached.
if (report_verbosity > 0)
{
  details =
    '\n Cisco Bug ID : CSCuo68417' +
    '\n Installed release : ' + version +
    '\n' +
    cisco_caveat(override);
}
else
{
  details = cisco_caveat(override);
}
security_warning(port:port, extra:details);