Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability

2016-09-01T00:00:00
ID OPENVAS:1361412562310106215
Type openvas
Reporter This script is Copyright (C) 2016 Greenbone Networks GmbH
Modified 2019-10-09T00:00:00

Description

Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to the improper implementation of the Network Address Translation (NAT) process by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted packets to the targeted device. If successful, an attacker could cause a delay in new valid connections until the invalid entries expire, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, mitigations for this vulnerability are available.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability
#
# Authors:
# Christian Kuersteiner <christian.kuersteiner@greenbone.net>
#
# Copyright:
# Copyright (c) 2016 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:cisco:asa";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106215");
  script_cve_id("CVE-2013-1138");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_version("2019-10-09T06:43:33+0000");

  script_name("Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability");

  script_xref(name:"URL", value:"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130226-CVE-2013-1138");


  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");
  script_tag(name:"summary", value:"Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability
that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to the improper implementation of the Network Address Translation (NAT) process by
the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted
packets to the targeted device. If successful, an attacker could cause a delay in new valid connections until
the invalid entries expire, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this
vulnerability. However, mitigations for this vulnerability are available.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"last_modification", value:"2019-10-09 06:43:33 +0000 (Wed, 09 Oct 2019)");
  script_tag(name:"creation_date", value:"2016-09-01 16:54:38 +0700 (Thu, 01 Sep 2016)");
  script_category(ACT_GATHER_INFO);
  script_family("CISCO");
  script_copyright("This script is Copyright (C) 2016 Greenbone Networks GmbH");
  script_dependencies("gb_cisco_asa_version.nasl", "gb_cisco_asa_version_snmp.nasl");
  script_mandatory_keys("cisco_asa/version");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! version = get_app_version( cpe:CPE, nofork: TRUE ) ) exit( 0 );
check_vers = ereg_replace(string:version, pattern:"\(([0-9.]+)\)", replace:".\1");

affected = make_list(
  '7.0.1',
  '7.2.1',
  '7.2.2.29',
  '8.1.1',
  '8.2.1',
  '8.3.1',
  '8.4.1',
  '8.4.1.3',
  '8.4.1.11',
  '8.4.2',
  '8.4.2.8',
  '8.4.3',
  '8.4.3.8',
  '8.4.3.9',
  '8.4.4',
  '8.4.4.1',
  '8.4.4.2',
  '8.4.4.3',
  '8.4.4.5',
  '8.4.4.9',
  '8.4.5' );

foreach af ( affected )
{
  if( check_vers == af )
  {
    report = report_fixed_ver(  installed_version:version, fixed_version: "See advisory" );
    security_message( port:0, data:report );
    exit( 0 );
  }
}

exit( 99 );