Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS

#TRUSTED 4790d683545b0e84aba4d4b8e4ba0cff8319ba833a75017f07cf80dbf472195b0c23bd6923d94f2db4c57b67e6208b7628d4973e78555830b19dd9601c3a4abd22933b53d9c7b2b718435bbf931ab79aaef202498922c9e592055a64b340999df6b120a28a961c5867d9c4d8774dd335caf5ee11cde9be2cc406b1961eff509798ad23fc73ec993bf3603f5a9a9f1183f875aeec5cc3a343419be745ebdf1f756ef35a365f8a600d3911610fde15b364d7580f099beb488dbaa9994464a6eab6450bd5522f3f00d4465275327c9ccc78e8821c87e92d2be002549e1c29b4fa363c172b51cf72b9298c1b3e382bdce5d0237fe3cf74664be01138e185e38c5e0e5026a924f11d64e05546268b67c2d32a6bce211196ac50a195c2a74faab7b155ccaec494bbd3a98fff2ecb26e82b6e17bec9c9f23c20f42f5f7fcb7f191b9dbfa2e141b215180db52ede5039b55fa64b0f25a59b6511b9295123fc076079c29ca54c3dbc52cdc88d4e95746cedbd418c1be9a102bd8ecf329044cd9f0f7ea6c3a3dd25531d1fa7d7ee5a06d9d22107194f5843cef2053f2e615abd07016849d0ab62072d763c73c6eca6ac4d2197f316c147c304f9c9860669ca998c48960ac65ec3c462c9c58059f6d501b78cae0e28dca4a3f07cfee3643071d4ff276327a5cba7189d3de6bf17c3917e33316bc2f484bbb800f2659656448fce7ef405e746
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(76881);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/08");

  script_cve_id("CVE-2014-3322");
  script_bugtraq_id(68833);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuo68417");

  script_name(english:"Cisco IOS XR Typhoon-based Line Cards and Network Processor (NP) Chip DoS");
  script_summary(english:"Checks IOS version");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco device is running a version Cisco IOS XR software
that is potentially affected by a denial of service vulnerability
related to Netflow and handling malformed IPv4/IPv6 packets.

Note this issue only affects Cisco ASR 9000 series devices using
Typhoon-based line cards and Netflow.");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=35009");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=35009
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dc217107");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCuo68417");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Bug ID CSCuo68417.

Alternatively, disable Netflow as a workaround.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3322");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/29");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# check model
model = get_kb_item("CISCO/model");
if (model)
{
  if (model !~ "ciscoASR9[0-9]{3}") audit(AUDIT_HOST_NOT, "ASR 9000 series");
}
else
{
  model = get_kb_item_or_exit("Host/Cisco/IOS-XR/Model");
  if ("ASR9K" >!< model) audit(AUDIT_HOST_NOT, "ASR 9000 series");
}

version = get_kb_item_or_exit("Host/Cisco/IOS-XR/Version");

# Affected per vendor :
# 4.3 .0, .1, .2
# and
# 4.3.4.BASE
if (version !~ "^4\.3\.[0124]($|[^0-9])") audit(AUDIT_HOST_NOT, "affected");

override = FALSE;

port = get_kb_item("Host/Cisco/IOS-XR/Port");
if(empty_or_null(port))
  port = 0;

if (get_kb_item("Host/local_checks_enabled"))
{
  flag = FALSE;

  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config");
  # If Netflow is enabled, contents will be similar to :
  # flow exporter-map {map-name}
  # else, flow is not displayed
  if (check_cisco_result(buf))
  {
    if ("flow exporter-map " >< buf) flag = TRUE;
    else audit(AUDIT_HOST_NOT, "affected because Netflow is not enabled");

    # Next check for Typhoon card(s)
    buf = cisco_command_kb_item("Host/Cisco/Config/show_module", "show module");
    if (check_cisco_result(buf))
    {
      if (
        "A9K-MOD80-SE"   >< buf ||
        "A9K-MOD80-TR"   >< buf ||
        "A9K-MOD160-SE"  >< buf ||
        "A9K-MOD160-TR"  >< buf ||
        "A9K-24X10GE-SE" >< buf ||
        "A9K-24X10GE-TR" >< buf ||
        "A9K-36X10GE-SE" >< buf ||
        "A9K-36X10GE-TR" >< buf ||
        "A9K-2X100GE-SE" >< buf ||
        "A9K-2X100GE-TR" >< buf ||
        "A9K-1X100GE-SE" >< buf ||
        "A9K-1X100GE-TR" >< buf
      ) flag = TRUE;
      else audit(AUDIT_HOST_NOT, "affected because it does not contain a Typhoon-based card.");
    }
    else if (cisco_needs_enable(buf)) override = TRUE;
  }
  else if (cisco_needs_enable(buf)) override = TRUE;

  if (!flag && !override) audit(AUDIT_HOST_NOT, "affected");
}

if (report_verbosity > 0)
{
  report =
    '\n  Cisco Bug ID      : CSCuo68417' +
    '\n  Installed release : ' + version + 
    '\n';
  security_warning(port:port, extra:report+cisco_caveat(override));
}
else security_warning(port:port, extra:cisco_caveat(override));