Rockwell Automation Stratix Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service (CVE-2016-1344)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501808);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/16");

  script_cve_id("CVE-2016-1344");

  script_name(english:"Rockwell Automation Stratix Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service (CVE-2016-1344)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the Internet Key Exchange (IKE) version 2 (v2) fragmentation 
code of Cisco IOS and IOS XE Software could allow an unauthenticated, 
remote attacker to cause a reload of the affected system. 
The vulnerability is due to an improper handling of crafted, fragmented IKEv2 packets. 
An attacker could exploit this vulnerability by sending crafted UDP packets 
to the affected system. An exploit could allow the attacker to cause a reload 
of the affected system. 

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aac4e3b7");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN965.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?141f2981");
  # https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-04
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7bf8ef2");
  script_set_attribute(attribute:"solution", value:
"Rockwell Automation has provided a new firmware version, 
Version 15.6.3, to mitigate these vulnerabilities.

See Rockwell Automation's security advisory for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1344");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(755);

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_5900_industrial_managed_ethernet_switch");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/h:rockwellautomation:allen-bradley_stratix_5900_industrial_managed_ethernet_switch" :
        {"versionEndExcluding" : "15.6.3", "family" : "Stratix"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);