ID CSCEE50294.NASL Type nessus Reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. Modified 2021-02-02T00:00:00
Description
The remote router runs a version of IOS that has a flaw in the DHCP
service/relay service, which may let an attacker disable DHCP serving
and/or relaying on the remote router.
Cisco identifies this vulnerability as bug ID CSCee50294.
#
# (C) Tenable Network Security
#
include("compat.inc");
# Registration block: runs only when `description` is set. It declares the
# plugin's identifiers, report text, scoring and prerequisites, then exits
# without performing the check itself.
if (description)
{
  # Identifiers that tie this check to public trackers.
  script_id(15782);
  script_bugtraq_id(11649);
  script_cve_id("CVE-2004-1111");
  script_version("1.18");

  script_name(english:"Cisco IOS Malformed DHCP Packet DoS (CSCee50294)");

  # Report text. The description literal spans several lines; its
  # continuation lines must stay at column 0 so no whitespace enters the text.
  script_set_attribute(attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The remote router contains a version of IOS which has flaw in the DHCP
service/relay service that may let an attacker to disable DHCP serving
and or relaying on the remote router.
CISCO identifies this vulnerability as bug id CSCee50294.");
  script_set_attribute(attribute:"solution",
    value:"http://www.nessus.org/u?7f0d4f1a");

  # CVSS v2 base: network reachable, low complexity, no authentication,
  # partial availability impact only. Temporal: exploit unproven, official
  # fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Dates and classification.
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/22");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/10");
  script_cvs_date("Date: 2018/06/27 18:42:25");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_end_attributes();

  script_summary(english:"Uses SNMP to determine if a flaw is present");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  # Prerequisites: the check only reads KB entries, so it needs these keys
  # to be set (presumably by the two dependency scripts; confirm there).
  script_dependencie("snmp_sysDesc.nasl", "snmp_cisco_type.nasl");
  script_require_keys("SNMP/community", "SNMP/sysDesc", "CISCO/model");

  exit(0);
}
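# Version check for CVE-2004-1111 (Cisco bug id CSCee50294).
#
# Reads the SNMP sysDescr text from the KB and raises a warning when the IOS
# release string falls in one of the 12.2 trains listed below.
#
# Scope of the result: this is a banner comparison only. The device
# configuration is never read, so a router on a listed release is reported
# even if its DHCP service has been turned off. Read a hit as "runs an
# affected release" and confirm exposure on the device before prioritising.
ok = 0;

os = get_kb_item("SNMP/sysDesc");
if (!os) exit(0);

# The model string is not used below; the lookup only restricts the check
# to hosts for which CISCO/model is set.
hardware = get_kb_item("CISCO/model");
if (!hardware) exit(0);

# Check for the required operating system...
#----------------------------------------------------------------
# Is this IOS ?
if (!egrep(pattern:".*(Internetwork Operating|IOS).*", string:os)) exit(0);

# Every pattern requires a "," directly after the release string, so a short
# train suffix (S, EW) cannot match a longer one (SE, SV, SW, SZ, EWA).
#
# NOTE(review): releases below 12.2(18) are flagged as well. Confirm the
# oldest affected release per train against Cisco advisory
# cisco-sa-20041110-dhcp before relying on hits in that range.

# 12.2EW
# The rebuild digit after 12.2(18)EW is optional: the base release
# 12.2(18)EW is listed as affected for CVE-2004-1111, and the earlier form
# "EW[0-1]," demanded a digit and therefore skipped it (false negative).
# 12.2(20)EW is listed as affected too and is now covered.
if (egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-7])\)|12\.2)EW[0-9]*|12\.2\(18\)EW[0-1]?|12\.2\(20\)EW[0-9]*),")) ok = 1;

# 12.2EWA
if (egrep(string:os, pattern:"(12\.2\(([0-9]|1[0-9])\)|12\.2)EWA[0-9]*,")) ok = 1;

# 12.2S
# Optional rebuild digit so that the base release 12.2(18)S is matched.
if (egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-7])\)|12\.2)S[0-9]*|12\.2\(18\)S[0-5]?),")) ok = 1;

# 12.2SE
# Optional rebuild digit so that the base release 12.2(20)SE is matched.
if (egrep(string:os, pattern:"((12\.2\(([0-9]|1[0-9])\)|12\.2)SE[0-9]*|12\.2\(20\)SE[0-2]?),")) ok = 1;

# 12.2SV
if (egrep(string:os, pattern:"(12\.2\(([0-9]|1[0-9]|2[0-3])\)|12\.2)SV[0-9]*,")) ok = 1;

# 12.2SW
if (egrep(string:os, pattern:"(12\.2\(([0-9]|1[0-9]|2[0-4])\)|12\.2)SW[0-9]*,")) ok = 1;

# 12.2SZ
if (egrep(string:os, pattern:"(12\.2\([0-9]*\)|12\.2)SZ[0-9]*,")) ok = 1;

#----------------------------------------------
# Reported against the SNMP port because that is where the banner came from.
if (ok) security_warning(port:161, proto:"udp");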
{"id": "CSCEE50294.NASL", "bulletinFamily": "scanner", "title": "Cisco IOS Malformed DHCP Packet DoS (CSCee50294)", "description": "The remote router contains a version of IOS which has flaw in the DHCP\nservice/relay service that may let an attacker to disable DHCP serving\nand or relaying on the remote router.\n\nCISCO identifies this vulnerability as bug id CSCee50294.", "published": "2004-11-22T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/15782", "reporter": "This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2004-1111"], "type": "nessus", "lastseen": "2021-02-01T00:51:47", "edition": 24, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1111"]}, {"type": "osvdb", "idList": ["OSVDB:11605"]}, {"type": "cisco", "idList": ["CISCO-SA-20041110-DHCP"]}, {"type": "nessus", "idList": ["CISCO-SA-20041110-DHCPHTTP.NASL"]}], "modified": "2021-02-01T00:51:47", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-02-01T00:51:47", "rev": 2}, "vulnersScore": 5.7}, "sourceData": "#\n# (C) Tenable Network Security\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(15782);\n script_bugtraq_id(11649);\n script_cve_id(\"CVE-2004-1111\");\n script_version(\"1.18\");\n\n script_name(english:\"Cisco IOS Malformed DHCP Packet DoS (CSCee50294)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote router contains a version of IOS which has flaw in the DHCP\nservice/relay service that may let an attacker to disable DHCP serving\nand or relaying on the remote router.\n\nCISCO identifies this vulnerability as bug id CSCee50294.\" );\n script_set_attribute(attribute:\"solution\", 
value:\n\"http://www.nessus.org/u?7f0d4f1a\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/11/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/11/10\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value: \"cpe:/o:cisco:ios\");\n script_end_attributes();\n\n\n summary[\"english\"] = \"Uses SNMP to determine if a flaw is present\";\n script_summary(english:summary[\"english\"]);\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n\n script_family(english:\"CISCO\");\n\n script_dependencie(\"snmp_sysDesc.nasl\",\n\t\t\t \"snmp_cisco_type.nasl\");\n script_require_keys(\"SNMP/community\",\n\t\t\t \"SNMP/sysDesc\",\n\t\t\t \"CISCO/model\");\n exit(0);\n}\n\n\n# The code starts here\nok=0;\nos = get_kb_item(\"SNMP/sysDesc\"); if(!os)exit(0);\nhardware = get_kb_item(\"CISCO/model\"); if(!hardware)exit(0);\n\n\n\n\n# Check for the required operating system...\n#----------------------------------------------------------------\n# Is this IOS ?\nif(!egrep(pattern:\".*(Internetwork Operating|IOS).*\", string:os))exit(0);\n# 12.2EW\nif(egrep(string:os, pattern:\"((12\\.2\\(([0-9]|1[0-7])\\)|12\\.2)EW[0-9]*|12\\.2\\(18\\)EW[0-1]),\"))ok=1;\n\n# 12.2EWA\nif(egrep(string:os, pattern:\"(12\\.2\\(([0-9]|1[0-9])\\)|12\\.2)EWA[0-9]*,\"))ok=1;\n\n# 12.2S\nif(egrep(string:os, pattern:\"((12\\.2\\(([0-9]|1[0-7])\\)|12\\.2)S[0-9]*|12\\.2\\(18\\)S[0-5]),\"))ok=1;\n\n# 12.2SE\nif(egrep(string:os, 
pattern:\"((12\\.2\\(([0-9]|1[0-9])\\)|12\\.2)SE[0-9]*|12\\.2\\(20\\)SE[0-2]),\"))ok=1;\n\n# 12.2SV\nif(egrep(string:os, pattern:\"(12\\.2\\(([0-9]|[1-1][0-9]|2[0-3])\\)|12\\.2)SV[0-9]*,\"))ok=1;\n\n# 12.2SW\nif(egrep(string:os, pattern:\"(12\\.2\\(([0-9]|[1-1][0-9]|2[0-4])\\)|12\\.2)SW[0-9]*,\"))ok=1;\n\n# 12.2SZ\nif(egrep(string:os, pattern:\"(12\\.2\\([0-9]*\\)|12\\.2)SZ[0-9]*,\"))ok=1;\n\n\n#----------------------------------------------\n\nif(ok)security_warning(port:161, proto:\"udp\");\n", "naslFamily": "CISCO", "pluginID": "15782", "cpe": ["cpe:/o:cisco:ios"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:22:59", "description": "Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the \"no service dhcp\" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.", "edition": 4, "cvss3": {}, "published": "2005-01-10T05:00:00", "title": "CVE-2004-1111", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-1111"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/h:cisco:7500_router:*", "cpe:/o:cisco:ios:12.2\\(14\\)sz", "cpe:/o:cisco:ios:12.2\\(18\\)ew", "cpe:/h:cisco:multiservice_platform_2651:*", "cpe:/o:cisco:ios:12.2\\(18\\)se", "cpe:/h:cisco:7300_router:*", "cpe:/o:cisco:ios:12.2\\(18\\)ewa", "cpe:/o:cisco:ios:12.2\\(18\\)s", "cpe:/h:cisco:7600_router:*", "cpe:/o:cisco:ios:12.2\\(18\\)sv", "cpe:/o:cisco:ios:12.2\\(20\\)ew", "cpe:/o:cisco:ios:12.2\\(18\\)sw", "cpe:/h:cisco:catalyst_7600:*", "cpe:/h:cisco:multiservice_platform_2650xm:*", "cpe:/h:cisco:multiservice_platform_2651xm:*", "cpe:/h:cisco:multiservice_platform_2650:*", "cpe:/h:cisco:7200_router:*"], "id": "CVE-2004-1111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1111", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:cisco:ios:12.2\\(18\\)se:*:*:*:*:*:*:*", 
"cpe:2.3:h:cisco:catalyst_7600:*:*:sup720_msfc3:*:*:*:*:*", "cpe:2.3:o:cisco:ios:12.2\\(18\\)ewa:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:multiservice_platform_2651xm:*:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:7300_router:*:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:12.2\\(18\\)ew:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:multiservice_platform_2650:*:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:12.2\\(18\\)sw:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:7200_router:*:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:12.2\\(20\\)ew:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:12.2\\(18\\)s:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:7600_router:*:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:12.2\\(14\\)sz:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:12.2\\(18\\)sv:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:7500_router:*:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:multiservice_platform_2651:*:*:*:*:*:*:*:*", "cpe:2.3:h:cisco:multiservice_platform_2650xm:*:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:07", "bulletinFamily": "software", "cvelist": ["CVE-2004-1111"], "edition": 1, "description": "## Vulnerability Description\nIOS contains a flaw that may allow a remote denial of service. The issue is triggered when a number of malformed DHCP packets are not processed by or purged from an interface queue, and will result in loss of availability for the interface when the queue fills and is unable to process new packets.\n## Solution Description\nUpgrade to version indicated by Cisco product matrix, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nIOS contains a flaw that may allow a remote denial of service. 
The issue is triggered when a number of malformed DHCP packets are not processed by or purged from an interface queue, and will result in loss of availability for the interface when the queue fills and is unable to process new packets.\n## References:\n[Vendor Specific Advisory URL](http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml)\nSecurity Tracker: 1012166\n[Secunia Advisory ID:13148](https://secuniaresearch.flexerasoftware.com/advisories/13148/)\nISS X-Force ID: 18021\n[CVE-2004-1111](https://vulners.com/cve/CVE-2004-1111)\nCIAC Advisory: p-034\nCERT VU: 630104\n", "modified": "2004-11-10T00:00:00", "published": "2004-11-10T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:11605", "id": "OSVDB:11605", "title": "Cisco IOS Malformed DHCP Packet DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cisco": [{"lastseen": "2019-05-29T15:33:25", "bulletinFamily": "software", "cvelist": ["CVE-2004-1111"], "description": "", "modified": "2004-11-10T17:00:00", "published": "2004-11-10T17:00:00", "id": "CISCO-SA-20041110-DHCP", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20041110-dhcp", "type": "cisco", "title": "Cisco IOS DHCP Blocked Interface Denial-of-Service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-10-28T20:02:58", "description": "Cisco IOS devices running branches of Cisco IOS version 12.2S that\nhave Dynamic Host Configuration Protocol (DHCP) server or relay agent\nenabled, even if not configured, are vulnerable to a denial of service\nwhere the input queue becomes blocked when receiving specifically\ncrafted DHCP packets. Cisco is providing free fixed software to address\nthis issue. 
There are also workarounds to mitigate this vulnerability.\nThis issue was introduced by the fix included in CSCdx46180 and is\nbeing tracked by Cisco Bug ID CSCee50294.", "edition": 9, "published": "2010-09-01T00:00:00", "title": "Cisco IOS DHCP Blocked Interface Denial-of-Service - Cisco Systems", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1111"], "modified": "2010-09-01T00:00:00", "cpe": ["cpe:/o:cisco:ios"], "id": "CISCO-SA-20041110-DHCPHTTP.NASL", "href": "https://www.tenable.com/plugins/nessus/48978", "sourceData": "#TRUSTED 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\n#\n# (C) Tenable Network Security, Inc.\n#\n# Security advisory is (C) CISCO, Inc.\n# See https://www.cisco.com/en/US/products/products_security_advisory09186a00803448c7.shtml\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48978);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/11/15\");\n script_cve_id(\"CVE-2004-1111\");\n script_xref(name:\"CERT\", value:\"630104\");\n script_name(english:\"Cisco IOS DHCP Blocked Interface Denial-of-Service - Cisco Systems\");\n script_summary(english:\"Checks the IOS version.\");\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n'Cisco IOS devices running branches of Cisco IOS version 12.2S that\nhave Dynamic Host Configuration Protocol (DHCP) server or relay agent\nenabled, even if not configured, are vulnerable to a denial of service\nwhere the input queue becomes blocked when receiving specifically\ncrafted DHCP packets. Cisco is providing free fixed software to address\nthis issue. 
There are also workarounds to mitigate this vulnerability.\nThis issue was introduced by the fix included in CSCdx46180 and is\nbeing tracked by Cisco Bug ID CSCee50294.'\n );\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20041110-dhcp\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1c793e4c\");\n # https://www.cisco.com/en/US/products/products_security_advisory09186a00803448c7.shtml\n script_set_attribute(attribute:\"see_also\", value: \"http://www.nessus.org/u?e24ccf46\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant patch referenced in Cisco Security Advisory\ncisco-sa-20041110-dhcp.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:ios\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/01\");\n\n script_end_attributes();\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCdx46180\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCee50294\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20041110-dhcp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CISCO\");\n script_dependencie(\"cisco_ios_version.nasl\");\n script_require_keys(\"Host/Cisco/IOS/Version\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_func.inc\");\ninclude(\"cisco_kb_cmd_func.inc\");\n\nflag = 0;\nreport_extra = \"\";\nversion = get_kb_item_or_exit(\"Host/Cisco/IOS/Version\");\noverride = 0;\n\n# Affected: 12.2(18)EW\nif (check_release(version: version,\n patched: make_list(\"12.2(18)EW2\"),\n oldest: \"12.2(18)EW\")) {\n 
report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2(20)EW\nif (version =~ \"^12\\.2\\(20\\)EW[0-9]*$\") {\n report_extra = '\\nUpdate to 12.2(20)EWA or later\\n'; flag++;\n}\n# Affected: 12.2(18)EWA\nif (check_release(version: version,\n patched: make_list(\"12.2(20)EWA\"),\n oldest: \"12.2(18)EWA\")) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2(18)S\nif (check_release(version: version,\n patched: make_list(\"12.2(18)S6\"),\n oldest: \"12.2(18)S\")) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2(18)SE\nif (check_release(version: version,\n patched: make_list(\"12.2(20)SE3\"),\n oldest: \"12.2(18)SE\")) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2(18)SV\nif (check_release(version: version,\n patched: make_list(\"12.2(24)SV\"),\n oldest: \"12.2(18)SV\")) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2(18)SW\nif (check_release(version: version,\n patched: make_list(\"12.2(25)SW\"),\n oldest: \"12.2(18)SW\")) {\n report_extra = '\\nUpdate to ' + patch_update + ' or later\\n'; flag++;\n}\n# Affected: 12.2(14)SZ\nif (version =~ \"^12\\.2\\(14\\)SZ[0-9]*$\") {\n report_extra = '\\nUpdate to 12.2(20)S4 or later\\n'; flag++;\n}\n\nif (get_kb_item(\"Host/local_checks_enabled\"))\n{\n if (flag)\n {\n flag = 0;\n buf = cisco_command_kb_item(\"Host/Cisco/Config/show_running-config\", \"show running-config\");\n if (check_cisco_result(buf))\n {\n if (!preg(pattern:\"no\\s+service\\s+dhcp\", multiline:TRUE, string:buf)) { flag = 1; }\n } else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }\n }\n}\n\n\nif (flag)\n{\n security_warning(port:0, extra:report_extra + cisco_caveat(override));\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}