Cisco ASA VPN ISAKMP DoS Vulnerability (cisco-sa-20151021-asa-ike)

2015-11-2500:00:00
plugins.openvas.org
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
48.4%
JSON
A vulnerability in the IKE code of Cisco ASA may lead to a
denial of service.
# Copyright (C) 2015 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:cisco:asa";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106051");
  script_version("2022-02-14T09:43:40+0000");
  script_tag(name:"last_modification", value:"2022-02-14 09:43:40 +0000 (Mon, 14 Feb 2022)");
  script_tag(name:"creation_date", value:"2015-11-25 11:40:51 +0700 (Wed, 25 Nov 2015)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2015-6327");

  script_name("Cisco ASA VPN ISAKMP DoS Vulnerability (cisco-sa-20151021-asa-ike)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_family("CISCO");
  script_dependencies("gb_cisco_asa_version.nasl", "gb_cisco_asa_version_snmp.nasl");
  script_mandatory_keys("cisco_asa/version", "cisco_asa/model");

  script_tag(name:"summary", value:"A vulnerability in the IKE code of Cisco ASA may lead to a
  denial of service.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"A vulnerability in the Internet Key Exchange (IKE) version 1
  code could allow an unauthenticated, remote attacker to cause an affected system to reload. The
  vulnerability is due to improper handling of Internet Security Association and Key Management
  Protocol (ISAKMP) packets. An attacker could exploit this vulnerability by sending crafted UDP
  packets to the affected system. Only traffic directed to the affected system can be used to
  exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode
  only and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6
  traffic.");

  script_tag(name:"impact", value:"An unauthenticated, remote attacker could cause the system to
  reload.");

  script_tag(name:"affected", value:"Version 7.2, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 9.0, 9.1, 9.2 and
  9.3 on Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series
  Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and
  Cisco 7600 Series Routers, Cisco ASA 1000V Cloud Firewall, Cisco Adaptive Security Virtual
  Appliance (ASAv).");

  script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");

  script_xref(name:"URL", value:"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

model = get_kb_item("cisco_asa/model");
if (!model || (toupper(model) !~ "^ASAv" && toupper(model) !~ "^ASA55[0-9][0-9]"))
  exit(99);

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if (version_in_range_exclusive(version: version, test_version_lo: "7.2", test_version_up: "8.2.5.58")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.2(5.58)");
  security_message(port: 0, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "8.3", test_version_up: "8.4.7.29")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.4(7.29)");
  security_message(port: 0, data: report);
  exit(0);
}

if (version =~ "^8\.[56]") {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.0(4.37)");
  security_message(port: 0, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "8.7", test_version_up: "8.7.1.17")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "8.7(1.17)");
  security_message(port: 0, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "9.0", test_version_up: "9.0.4.37")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.0(4.37)");
  security_message(port: 0, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "9.1", test_version_up: "9.1.6.8")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.1(6.8)");
  security_message(port: 0, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "9.2", test_version_up: "9.2.4")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.2(4)");
  security_message(port: 0, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "9.3", test_version_up: "9.3.3")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.3(3)");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);