Cisco IOS Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:cisco:ios";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106307");
  script_cve_id("CVE-2016-6381");
  script_tag(name:"cvss_base", value:"7.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_version("2023-07-21T05:05:22+0000");

  script_name("Cisco IOS Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability");

  script_xref(name:"URL", value:"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");

  script_tag(name:"summary", value:"A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation
code of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an exhaustion of available
memory or a reload of the affected system.");

  script_tag(name:"insight", value:"The vulnerability is due to the improper handling of crafted, fragmented
IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected
system.");

  script_tag(name:"impact", value:"An exploit could allow the attacker to cause a reload of the affected
system.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-09-29 12:12:00 +0000 (Tue, 29 Sep 2020)");
  script_tag(name:"creation_date", value:"2016-09-29 15:08:49 +0700 (Thu, 29 Sep 2016)");
  script_category(ACT_GATHER_INFO);
  script_family("CISCO");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_dependencies("gb_ssh_cisco_ios_get_version.nasl");
  script_mandatory_keys("cisco_ios/version");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! version = get_app_version( cpe:CPE ) ) exit( 0 );

affected = make_list(
  '12.4(22)GC1',
  '12.4(24)GC1',
  '12.4(24)GC3',
  '12.4(24)GC3a',
  '12.4(24)GC4',
  '12.4(24)GC5',
  '12.4(22)MD',
  '12.4(22)MD1',
  '12.4(22)MD2',
  '12.4(24)MD',
  '12.4(24)MD1',
  '12.4(24)MD2',
  '12.4(24)MD3',
  '12.4(24)MD4',
  '12.4(24)MD5',
  '12.4(24)MD6',
  '12.4(24)MD7',
  '12.4(22)MDA',
  '12.4(22)MDA1',
  '12.4(22)MDA2',
  '12.4(22)MDA3',
  '12.4(22)MDA4',
  '12.4(22)MDA5',
  '12.4(22)MDA6',
  '12.4(24)MDA1',
  '12.4(24)MDA10',
  '12.4(24)MDA11',
  '12.4(24)MDA12',
  '12.4(24)MDA13',
  '12.4(24)MDA2',
  '12.4(24)MDA3',
  '12.4(24)MDA4',
  '12.4(24)MDA5',
  '12.4(24)MDA6',
  '12.4(24)MDA7',
  '12.4(24)MDA8',
  '12.4(24)MDA9',
  '12.4(24)MDB',
  '12.4(24)MDB1',
  '12.4(24)MDB10',
  '12.4(24)MDB11',
  '12.4(24)MDB12',
  '12.4(24)MDB13',
  '12.4(24)MDB14',
  '12.4(24)MDB15',
  '12.4(24)MDB16',
  '12.4(24)MDB17',
  '12.4(24)MDB18',
  '12.4(24)MDB19',
  '12.4(24)MDB3',
  '12.4(24)MDB4',
  '12.4(24)MDB5',
  '12.4(24)MDB5a',
  '12.4(24)MDB6',
  '12.4(24)MDB7',
  '12.4(24)MDB8',
  '12.4(24)MDB9',
  '12.4(20)MR',
  '12.4(20)MR2',
  '12.4(20)MRB',
  '12.4(20)MRB1',
  '12.4(15)T10',
  '12.4(15)T11',
  '12.4(15)T12',
  '12.4(15)T13',
  '12.4(15)T14',
  '12.4(15)T15',
  '12.4(15)T16',
  '12.4(15)T17',
  '12.4(15)T7',
  '12.4(15)T8',
  '12.4(15)T9',
  '12.4(20)T1',
  '12.4(20)T2',
  '12.4(20)T3',
  '12.4(20)T4',
  '12.4(20)T5',
  '12.4(20)T6',
  '12.4(22)T',
  '12.4(22)T1',
  '12.4(22)T2',
  '12.4(22)T3',
  '12.4(22)T4',
  '12.4(22)T5',
  '12.4(24)T',
  '12.4(24)T1',
  '12.4(24)T2',
  '12.4(24)T3',
  '12.4(24)T3e',
  '12.4(24)T3f',
  '12.4(24)T4',
  '12.4(24)T4a',
  '12.4(24)T4b',
  '12.4(24)T4c',
  '12.4(24)T4d',
  '12.4(24)T4e',
  '12.4(24)T4f',
  '12.4(24)T4l',
  '12.4(24)T5',
  '12.4(24)T6',
  '12.4(24)T7',
  '12.4(24)T8',
  '12.4(15)XL4',
  '12.4(15)XL5',
  '12.4(22)XR1',
  '12.4(22)XR10',
  '12.4(22)XR11',
  '12.4(22)XR12',
  '12.4(22)XR2',
  '12.4(22)XR3',
  '12.4(22)XR4',
  '12.4(22)XR5',
  '12.4(22)XR6',
  '12.4(22)XR7',
  '12.4(22)XR8',
  '12.4(22)XR9',
  '12.4(22)YB',
  '12.4(22)YB1',
  '12.4(22)YB2',
  '12.4(22)YB3',
  '12.4(22)YB4',
  '12.4(22)YB5',
  '12.4(22)YB6',
  '12.4(22)YB7',
  '12.4(22)YB8',
  '12.4(22)YD',
  '12.4(22)YD1',
  '12.4(22)YD2',
  '12.4(22)YD3',
  '12.4(22)YD4',
  '12.4(22)YE',
  '12.4(22)YE1',
  '12.4(22)YE2',
  '12.4(22)YE3',
  '12.4(22)YE4',
  '12.4(22)YE5',
  '12.4(22)YE6',
  '12.4(24)YE',
  '12.4(24)YE1',
  '12.4(24)YE2',
  '12.4(24)YE3',
  '12.4(24)YE3a',
  '12.4(24)YE3b',
  '12.4(24)YE3c',
  '12.4(24)YE3d',
  '12.4(24)YE3e',
  '12.4(24)YE4',
  '12.4(24)YE5',
  '12.4(24)YE6',
  '12.4(24)YE7',
  '12.4(24)YG1',
  '12.4(24)YG2',
  '12.4(24)YG3',
  '12.4(24)YG4',
  '15.0(2)EB',
  '15.0(2)EC',
  '15.0(2)ED',
  '15.0(2)ED1',
  '15.0(2)EH',
  '15.0(2)EJ',
  '15.0(2)EJ1',
  '15.0(2)EK',
  '15.0(2)EK1',
  '15.0(2)EX',
  '15.0(2)EX1',
  '15.0(2)EX10',
  '15.0(2)EX2',
  '15.0(2)EX3',
  '15.0(2)EX4',
  '15.0(2)EX5',
  '15.0(2)EX8',
  '15.0(2a)EX5',
  '15.0(2)EY',
  '15.0(2)EY1',
  '15.0(2)EY2',
  '15.0(2)EY3',
  '15.0(2)EZ',
  '15.0(1)M',
  '15.0(1)M1',
  '15.0(1)M10',
  '15.0(1)M2',
  '15.0(1)M3',
  '15.0(1)M4',
  '15.0(1)M5',
  '15.0(1)M6',
  '15.0(1)M7',
  '15.0(1)M8',
  '15.0(1)M9',
  '15.0(1)MR',
  '15.0(2)MR',
  '15.0(1)S',
  '15.0(1)S1',
  '15.0(1)S2',
  '15.0(1)S3a',
  '15.0(1)S4',
  '15.0(1)S4a',
  '15.0(1)S5',
  '15.0(1)S6',
  '15.0(2)SE',
  '15.0(2)SE1',
  '15.0(2)SE2',
  '15.0(2)SE3',
  '15.0(2)SE4',
  '15.0(2)SE5',
  '15.0(2)SE6',
  '15.0(2)SE7',
  '15.0(2)SE9',
  '15.0(2a)SE9',
  '15.0(1)XA',
  '15.0(1)XA1',
  '15.0(1)XA2',
  '15.0(1)XA3',
  '15.0(1)XA4',
  '15.0(1)XA5',
  '15.1(2)EY',
  '15.1(2)EY1a',
  '15.1(2)EY2',
  '15.1(2)EY2a',
  '15.1(2)EY3',
  '15.1(2)EY4',
  '15.1(2)GC',
  '15.1(2)GC1',
  '15.1(2)GC2',
  '15.1(4)GC',
  '15.1(4)GC1',
  '15.1(4)GC2',
  '15.1(4)M',
  '15.1(4)M1',
  '15.1(4)M10',
  '15.1(4)M12a',
  '15.1(4)M2',
  '15.1(4)M3',
  '15.1(4)M3a',
  '15.1(4)M4',
  '15.1(4)M5',
  '15.1(4)M6',
  '15.1(4)M7',
  '15.1(4)M8',
  '15.1(4)M9',
  '15.1(1)MR',
  '15.1(1)MR1',
  '15.1(1)MR2',
  '15.1(1)MR3',
  '15.1(1)MR4',
  '15.1(3)MR',
  '15.1(3)MRA',
  '15.1(3)MRA1',
  '15.1(3)MRA2',
  '15.1(3)MRA3',
  '15.1(3)MRA4',
  '15.1(1)S',
  '15.1(1)S1',
  '15.1(1)S2',
  '15.1(2)S',
  '15.1(2)S1',
  '15.1(2)S2',
  '15.1(3)S',
  '15.1(3)S0a',
  '15.1(3)S1',
  '15.1(3)S2',
  '15.1(3)S3',
  '15.1(3)S4',
  '15.1(3)S5',
  '15.1(3)S5a',
  '15.1(3)S6',
  '15.1(1)SG',
  '15.1(1)SG1',
  '15.1(1)SG2',
  '15.1(2)SG',
  '15.1(2)SG1',
  '15.1(2)SG2',
  '15.1(2)SG3',
  '15.1(2)SG4',
  '15.1(2)SG5',
  '15.1(2)SG6',
  '15.1(2)SG7',
  '15.1(2)SNG',
  '15.1(2)SNH',
  '15.1(2)SNI',
  '15.1(2)SNI1',
  '15.1(3)SVB1',
  '15.1(3)SVD',
  '15.1(3)SVD1',
  '15.1(3)SVD2',
  '15.1(3)SVE',
  '15.1(3)SVF',
  '15.1(3)SVF1',
  '15.1(3)SVF4a',
  '15.1(1)SY',
  '15.1(1)SY1',
  '15.1(1)SY2',
  '15.1(1)SY3',
  '15.1(1)SY4',
  '15.1(1)SY5',
  '15.1(1)SY6',
  '15.1(2)SY',
  '15.1(2)SY1',
  '15.1(2)SY2',
  '15.1(2)SY3',
  '15.1(2)SY4',
  '15.1(2)SY4a',
  '15.1(2)SY5',
  '15.1(2)SY6',
  '15.1(2)SY7',
  '15.1(1)T',
  '15.1(1)T1',
  '15.1(1)T2',
  '15.1(1)T3',
  '15.1(1)T4',
  '15.1(1)T5',
  '15.1(2)T',
  '15.1(2)T0a',
  '15.1(2)T1',
  '15.1(2)T2',
  '15.1(2)T2a',
  '15.1(2)T3',
  '15.1(2)T4',
  '15.1(2)T5',
  '15.1(3)T',
  '15.1(3)T1',
  '15.1(3)T2',
  '15.1(3)T3',
  '15.1(3)T4',
  '15.1(1)XB',
  '15.2(1)E',
  '15.2(1)E1',
  '15.2(1)E2',
  '15.2(1)E3',
  '15.2(2)E',
  '15.2(2)E1',
  '15.2(2)E2',
  '15.2(2)E4',
  '15.2(2a)E1',
  '15.2(3)E',
  '15.2(3)E1',
  '15.2(3)E2',
  '15.2(3)E3',
  '15.2(3a)E',
  '15.2(3m)E2',
  '15.2(3m)E3',
  '15.2(3m)E8',
  '15.2(4)E',
  '15.2(4)E1',
  '15.2(4m)E1',
  '15.2(2)EB',
  '15.2(2)EB1',
  '15.2(2)EB2',
  '15.2(1)EY',
  '15.2(1)GC',
  '15.2(1)GC1',
  '15.2(1)GC2',
  '15.2(2)GC',
  '15.2(3)GC',
  '15.2(3)GC1',
  '15.2(4)GC',
  '15.2(4)GC1',
  '15.2(4)GC2',
  '15.2(4)GC3',
  '15.2(2)JA',
  '15.2(2)JA1',
  '15.2(4)JA',
  '15.2(4)JA1',
  '15.2(2)JAX',
  '15.2(2)JAX1',
  '15.2(2)JB',
  '15.2(2)JB2',
  '15.2(2)JB3',
  '15.2(2)JB4',
  '15.2(2)JB5',
  '15.2(4)JB',
  '15.2(4)JB1',
  '15.2(4)JB2',
  '15.2(4)JB3',
  '15.2(4)JB3a',
  '15.2(4)JB3b',
  '15.2(4)JB3h',
  '15.2(4)JB3s',
  '15.2(4)JB4',
  '15.2(4)JB5',
  '15.2(4)JB5h',
  '15.2(4)JB5m',
  '15.2(4)JB50',
  '15.2(4)JB6',
  '15.2(4)JB7',
  '15.2(2)JN1',
  '15.2(2)JN2',
  '15.2(4)JN',
  '15.2(4)M',
  '15.2(4)M1',
  '15.2(4)M10',
  '15.2(4)M11',
  '15.2(4)M2',
  '15.2(4)M3',
  '15.2(4)M4',
  '15.2(4)M5',
  '15.2(4)M6',
  '15.2(4)M6a',
  '15.2(4)M7',
  '15.2(4)M8',
  '15.2(4)M9',
  '15.2(1)S',
  '15.2(1)S1',
  '15.2(1)S2',
  '15.2(2)S',
  '15.2(2)S0a',
  '15.2(2)S0c',
  '15.2(2)S1',
  '15.2(2)S2',
  '15.2(4)S',
  '15.2(4)S1',
  '15.2(4)S2',
  '15.2(4)S3',
  '15.2(4)S3a',
  '15.2(4)S4',
  '15.2(4)S4a',
  '15.2(4)S5',
  '15.2(4)S6',
  '15.2(4)S7',
  '15.2(2)SNG',
  '15.2(2)SNH1',
  '15.2(2)SNI',
  '15.2(1)SY',
  '15.2(1)SY0a',
  '15.2(1)SY1',
  '15.2(1)SY1a',
  '15.2(1)SY2',
  '15.2(2)SY',
  '15.2(2)SY1',
  '15.2(1)T',
  '15.2(1)T1',
  '15.2(1)T2',
  '15.2(1)T3',
  '15.2(1)T3a',
  '15.2(1)T4',
  '15.2(2)T',
  '15.2(2)T1',
  '15.2(2)T2',
  '15.2(2)T3',
  '15.2(2)T4',
  '15.2(3)T',
  '15.2(3)T1',
  '15.2(3)T2',
  '15.2(3)T3',
  '15.2(3)T4',
  '15.3(3)JA',
  '15.3(3)JA1',
  '15.3(3)JA1m',
  '15.3(3)JA1n',
  '15.3(3)JA4',
  '15.3(3)JA5',
  '15.3(3)JA6',
  '15.3(3)JA7',
  '15.3(3)JA77',
  '15.3(3)JA8',
  '15.3(3)JA9',
  '15.3(3)JAA',
  '15.3(3)JAB',
  '15.3(3)JAX',
  '15.3(3)JAX1',
  '15.3(3)JAX2',
  '15.3(3)JB',
  '15.3(3)JB75',
  '15.3(3)JBB',
  '15.3(3)JBB1',
  '15.3(3)JBB2',
  '15.3(3)JBB4',
  '15.3(3)JBB5',
  '15.3(3)JBB50',
  '15.3(3)JBB6',
  '15.3(3)JBB6a',
  '15.3(3)JBB8',
  '15.3(3)JC',
  '15.3(3)JN3',
  '15.3(3)JN4',
  '15.3(3)JN7',
  '15.3(3)JN8',
  '15.3(3)JNB',
  '15.3(3)JNB1',
  '15.3(3)JNB2',
  '15.3(3)JNB3',
  '15.3(3)JNC',
  '15.3(3)JNC1',
  '15.3(3)JNP',
  '15.3(3)JNP1',
  '15.3(3)M',
  '15.3(3)M1',
  '15.3(3)M2',
  '15.3(3)M3',
  '15.3(3)M4',
  '15.3(3)M5',
  '15.3(3)M6',
  '15.3(3)M7',
  '15.3(1)S',
  '15.3(1)S1',
  '15.3(1)S2',
  '15.3(2)S',
  '15.3(2)S0a',
  '15.3(2)S1',
  '15.3(2)S2',
  '15.3(3)S',
  '15.3(3)S1',
  '15.3(3)S1a',
  '15.3(3)S2',
  '15.3(3)S3',
  '15.3(3)S4',
  '15.3(3)S5',
  '15.3(3)S6',
  '15.3(3)S7',
  '15.3(1)SY',
  '15.3(1)T',
  '15.3(1)T1',
  '15.3(1)T2',
  '15.3(1)T3',
  '15.3(1)T4',
  '15.3(2)T',
  '15.3(2)T1',
  '15.3(2)T2',
  '15.3(2)T3',
  '15.3(2)T4',
  '15.4(1)CG',
  '15.4(1)CG1',
  '15.4(2)CG',
  '15.4(3)M',
  '15.4(3)M1',
  '15.4(3)M2',
  '15.4(3)M3',
  '15.4(3)M4',
  '15.4(3)M5',
  '15.4(1)S',
  '15.4(1)S1',
  '15.4(1)S2',
  '15.4(1)S3',
  '15.4(1)S4',
  '15.4(2)S',
  '15.4(2)S1',
  '15.4(2)S2',
  '15.4(2)S3',
  '15.4(2)S4',
  '15.4(3)S',
  '15.4(3)S1',
  '15.4(3)S2',
  '15.4(3)S3',
  '15.4(3)S4',
  '15.4(3)S5',
  '15.4(1)T',
  '15.4(1)T1',
  '15.4(1)T2',
  '15.4(1)T3',
  '15.4(1)T4',
  '15.4(2)T',
  '15.4(2)T1',
  '15.4(2)T2',
  '15.4(2)T3',
  '15.4(2)T4',
  '15.5(3)M',
  '15.5(3)M0a',
  '15.5(3)M1',
  '15.5(3)M2',
  '15.5(1)S',
  '15.5(1)S1',
  '15.5(1)S2',
  '15.5(1)S3',
  '15.5(2)S',
  '15.5(2)S1',
  '15.5(2)S2',
  '15.5(2)S3',
  '15.5(3)S',
  '15.5(3)S0a',
  '15.5(3)S1',
  '15.5(3)S1a',
  '15.5(3)S2',
  '15.5(3)SN',
  '15.5(1)T4',
  '15.5(2)T4',
  '15.5(1)T',
  '15.5(1)T1',
  '15.5(1)T2',
  '15.5(1)T3',
  '15.5(2)T',
  '15.5(2)T1',
  '15.5(2)T2',
  '15.5(2)T3',
  '15.6(1)S',
  '15.6(1)S1',
  '15.6(2)S',
  '15.6(2)SN',
  '15.6(1)T',
  '15.6(1)T0a',
  '15.6(1)T1' );

foreach af ( affected )
{
  if( version == af )
  {
    report = report_fixed_ver(  installed_version:version, fixed_version: "See advisory" );
    security_message( port:0, data:report );
    exit( 0 );
  }
}

exit( 99 );