Lucene search
Copyright (C) 2015 Greenbone AGOPENVAS:1361412562310105381HistorySep 21, 2015 - 12:00 a.m.
Cisco Catalyst 4500 IOS XE Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability
2015-09-2100:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
10
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.7%
Cisco IOS XE contains a vulnerability that could allow an unauthenticated,
adjacent attacker to cause a denial of service condition.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:cisco:ios_xe";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.105381");
script_version("2023-07-25T05:05:58+0000");
script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
script_tag(name:"creation_date", value:"2015-09-21 15:09:03 +0200 (Mon, 21 Sep 2015)");
script_tag(name:"cvss_base", value:"6.1");
script_tag(name:"cvss_base_vector", value:"AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_cve_id("CVE-2015-6294");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner");
script_name("Cisco Catalyst 4500 IOS XE Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability");
script_category(ACT_GATHER_INFO);
script_family("CISCO");
script_copyright("Copyright (C) 2015 Greenbone AG");
script_dependencies("gb_cisco_ios_xe_consolidation.nasl");
script_mandatory_keys("cisco/ios_xe/detected", "cisco/ios_xe/model");
script_tag(name:"summary", value:"Cisco IOS XE contains a vulnerability that could allow an unauthenticated,
adjacent attacker to cause a denial of service condition.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The vulnerability is due to improper processing of valid crafted Cisco
Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery
Protocol packets to be processed by an affected device.");
script_tag(name:"impact", value:"An exploit could allow the attacker to cause the software to stop
functioning properly, resulting in a DoS condition on the affected device.");
script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");
script_tag(name:"affected", value:"Cisco IOS XE Software Releases 3.6(2)E and prior on Cisco Catalyst 4500
Series Switches.");
script_xref(name:"URL", value:"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150916-CVE-2015-6294");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
model = get_kb_item( "cisco/ios_xe/model" );
if( ! model || model !~ "^WS-C45.." )
exit( 0 );
if( ! vers = get_app_version( cpe:CPE, nofork:TRUE ) )
exit( 0 );
if( version_is_less( version:vers, test_version:"03.06.02.E" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"3.6(2)E" );
security_message( port:0, data:report );
exit( 0 );
}
exit( 99 );
Related
cvelist
cvelist
CVE-2015-6294
2015-09-18 22:00:00
cisco
cisco
prion
prion
Code injection
2015-09-18 22:59:00
nvd
nvd
CVE-2015-6294
2015-09-18 22:59:01
cve
cve
CVE-2015-6294
2015-09-18 22:59:01
openvas
openvas
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.7%
Related for OPENVAS:1361412562310105381