Rockwell Automation Stratix Cisco IOS and IOS XE Software DNS Forwarder Denial of Service (CVE-2016-6380)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501822);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/16");

  script_cve_id("CVE-2016-6380");

  script_name(english:"Rockwell Automation Stratix Cisco IOS and IOS XE Software DNS Forwarder Denial of Service (CVE-2016-6380)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the DNS forwarder functionality of Cisco IOS and 
IOS XE Software could allow an unauthenticated, remote attacker to 
cause the device to reload, corrupt the information present in the 
device's local DNS cache, or read part of the process memory. 
The vulnerability is due to a flaw in handling crafted DNS response messages. 
An attacker could exploit this vulnerability by intercepting and crafting 
a DNS response message to a client DNS query that was forwarded from the 
affected device to a DNS server. A successful exploit could cause the device 
to reload, resulting in a denial of service (DoS) condition or corruption of 
the local DNS cache information. 

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?37daabf8");
  # https://www.rockwellautomation.com/en-us/support/advisory.PN965.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?141f2981");
  # https://www.cisa.gov/news-events/ics-advisories/icsa-17-094-04
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7bf8ef2");
  script_set_attribute(attribute:"solution", value:
"Rockwell Automation has provided a new firmware version, 
Version 15.6.3, to mitigate these vulnerabilities.

See Rockwell Automation's security advisory for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6380");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(755);

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:rockwellautomation:allen-bradley_stratix_5900_industrial_managed_ethernet_switch");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Rockwell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Rockwell');

var asset = tenable_ot::assets::get(vendor:'Rockwell');

var vuln_cpes = {
    "cpe:/h:rockwellautomation:allen-bradley_stratix_5900_industrial_managed_ethernet_switch" :
        {"versionEndExcluding" : "15.6.3", "family" : "Stratix"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);