5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.2%
A vulnerability in packet processing functions of Cisco IOS XR
Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an
unauthenticated, remote attacker to cause cyclic redundancy check (CRC) and symbol errors on the
receiving interface of an affected device, which may lead to an interface flap.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/o:cisco:ios_xr";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.105646");
script_version("2024-02-26T14:36:40+0000");
script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
script_tag(name:"creation_date", value:"2016-05-04 17:40:34 +0200 (Wed, 04 May 2016)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-12-03 03:20:00 +0000 (Sat, 03 Dec 2016)");
script_cve_id("CVE-2016-1376");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers Interface Flap Vulnerability (cisco-sa-20160412-asr)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("CISCO");
script_dependencies("gb_cisco_ios_xr_consolidation.nasl");
script_mandatory_keys("cisco/ios_xr/detected", "cisco/ios_xr/model");
script_tag(name:"summary", value:"A vulnerability in packet processing functions of Cisco IOS XR
Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an
unauthenticated, remote attacker to cause cyclic redundancy check (CRC) and symbol errors on the
receiving interface of an affected device, which may lead to an interface flap.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The vulnerability is due to improper processing of packets that
contain certain crafted bit patterns. An attacker could exploit this vulnerability by sending
crafted packets to be processed by a line card of an affected device.");
script_tag(name:"impact", value:"A successful exploit could allow the attacker to cause CRC and
symbol errors on the receiving interface of the device, which may lead to an interface flap.");
script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");
script_xref(name:"URL", value:"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if ( ! model = get_kb_item( "cisco/ios_xr/model" ) )
exit( 0 );
if( "ASR9K" >!< model )
exit( 99 );
if( ! version = get_app_version( cpe:CPE, nofork:TRUE ) )
exit( 0 );
affected = make_list( "4.2.3", "4.3.0", "4.3.2", "4.3.4", "5.3.1" );
foreach af ( affected ) {
if( version == af ) {
report = report_fixed_ver( installed_version:version, fixed_version:"See vendor advisory" );
security_message( port:0, data:report );
exit( 0 );
}
}
exit( 99 );
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.2%