Lucene search

K
openvasCopyright (C) 2017 Greenbone AGOPENVAS:1361412562310811051
HistoryMay 23, 2017 - 12:00 a.m.

Cisco TelePresence CE and TC Software ICMP DoS Vulnerability (cisco-sa-20170503-ctp)

2017-05-2300:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
22

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.1%

Cisco TelePresence Endpoint is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:cisco:telepresence_mcu_mse_series_software";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.811051");
  script_version("2023-07-25T05:05:58+0000");
  script_cve_id("CVE-2017-3825");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-07-11 01:33:00 +0000 (Tue, 11 Jul 2017)");
  script_tag(name:"creation_date", value:"2017-05-23 12:24:36 +0530 (Tue, 23 May 2017)");
  script_tag(name:"qod_type", value:"remote_banner");
  script_name("Cisco TelePresence CE and TC Software ICMP DoS Vulnerability (cisco-sa-20170503-ctp)");

  script_tag(name:"summary", value:"Cisco TelePresence Endpoint is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The vulnerability is due to incomplete
  input validation for the size of a received ICMP packet.");

  script_tag(name:"impact", value:"Successful exploitation will allow an
  unauthenticated, remote attacker to cause the TelePresence endpoint to
  reload unexpectedly, resulting in a denial of service (DoS) condition.");

  script_tag(name:"affected", value:"Cisco TelePresence products when running
  software release CE8.1.0, CE8.0.0, CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2,
  CE 8.3.0, or CE8.3.1. Also TC4.2 through TC4.2.4, TC5.1.11, TC5.1.13,
  TC6.0.2 through TC6.0.4, TC6.1.3, TC6.1.4, TC6.3.1 through TC6.3.5, TC7.3.6,
  TC7.3.7, TC7.1.1 through TC7.1.4 are affected. This vulnerability affects the
  following Cisco TelePresence products,
  Spark Room OS,
  TelePresence DX Series,
  TelePresence MX Series,
  TelePresence SX Quick Set Series, and
  TelePresence SX Series.");

  script_tag(name:"solution", value:"Upgrade to Cisco TelePresence Collaboration
  Endpoint (CE) Software release 8.3.2 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb95396");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/98293");
  script_xref(name:"URL", value:"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("CISCO");
  script_dependencies("gb_cisco_telepresence_detect_snmp.nasl", "gb_cisco_telepresence_detect_ftp.nasl");
  script_mandatory_keys("cisco/telepresence/version");
  exit(0);
}


include("host_details.inc");
include("version_func.inc");

if(!cisport = get_app_port(cpe:CPE)){
  exit(0);
}

if(!version = get_app_version(cpe:CPE, port:cisport)){
  exit(0);
}

if(!typ = get_kb_item("cisco/telepresence/typ" )) exit( 0 );

## TelePresence MX Series
## http://www.red-thread.com/products/telepresence-mx-series/
## typ !~ 'MX(2|3|7|8)00$' && typ !~ 'G2$' &&  typ !~ ' (42|52)/55$' && typ !~ ' (42|52)/55( Dual$)'
## TelePresence SX Quick Set Series and TelePresence SX Series
## https://blogs.cisco.com/ciscoit/b-c-07232014-cisco-sx-series-adding-tp-to-every-screen
## typ !~ 'SX(1|2|8)0$' && typ !~ 'SpeakerTrack$'
## TelePresence DX Series
## http://cdn2.hubspot.net/hub/160452/file-1411244501-pdf/docs/cisco_dx_series.pdf
## typ !~ 'DX(65|7|8)0$'

## Not covering Spark Room OS
if(typ !~ 'MX(2|3|7|8)00$' && typ !~ 'G2$' &&  typ !~ ' (42|52)/55$' && typ !~ ' (42|52)/55( Dual$)' &&
   typ !~ 'SX(1|2|8)0$' && typ !~ 'SpeakerTrack$' &&
   typ !~ 'DX(65|7|8)0$') {
  exit( 0 );
}

## TE and CE affected but pattern coming like this only
ciscoVer = eregmatch(pattern:"^T[CE]([^$]+$)", string:version, icase:TRUE);
if(isnull(ciscoVer[1])){
  exit(0);
}

verscat = ciscoVer[0];
vers = ciscoVer[1];

if(verscat =~ "^ce.")
{
  if(vers =~ "^8\.0\.0" || vers =~ "^8\.1\.0" || vers =~ "^8\.1\.1" ||
     vers =~ "^8\.2\.0" || vers =~ "^8\.2\.1" || vers =~ "^8\.2\.2" ||
     vers =~ "^8\.3\.0" || vers =~ "^8\.3\.1"){
    fix = "8.3.2";
  }
}

## TC is in maintenance mode, no new release will be made
else if(verscat =~ "^tc.")
{
  if(vers =~ "^4\.2\.[0-4]" || vers =~ "^5\.1\.(11|13)" || vers =~ "^6\.0\.[2-4]" ||
     vers =~ "^6\.1\.[3-4]" || vers =~ "^6\.3\.[1-5]" || vers =~ "^7\.3\.[6-7]" ||
     vers =~ "^7\.1\.[1-4]"){
    fix = "Apply patch from vendor or upgrade to CE8.3.2";
  }
}

if(fix)
{
  report = report_fixed_ver(installed_version:vers, fixed_version:fix);
  security_message( port:cisport, data:report);
  exit(0);
}

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.1%

Related for OPENVAS:1361412562310811051