nessus | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. | CISCO-SA-20120328-MACE.NASL
History: Apr 02, 2012 - 12:00 a.m.

Cisco IOS Software Traffic Optimization Features Multiple DoS

2012-04-02 00:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.019

Percentile

88.6%

The version of Cisco IOS installed on the remote device is affected by multiple denial of service vulnerabilities due to message parsing flaws related to the Wide Area Application Services (WAAS) Express feature and the Measurement, Aggregation, and Correlation Engine (MACE) feature. A remote, unauthenticated attacker can exploit these flaws, via crafted requests, to cause a device reload or consumption of memory, resulting in a denial of service condition.

#TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata pass: when `description` is set the script only registers its
# identifiers, references and scoring data, then exits before any check runs.
if (description)
{
  script_id(58567);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  # Cross-references: two CVEs, one Bugtraq ID, three Cisco bug IDs and the
  # Cisco advisory. The same three bug IDs are what the check logic reports.
  script_cve_id("CVE-2012-1312", "CVE-2012-1314");
  script_bugtraq_id(52751);
  script_xref(name:"CISCO-BUG-ID", value:"CSCtq64987");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtt45381");
  script_xref(name:"CISCO-BUG-ID", value:"CSCtu57226");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20120328-mace");

  script_name(english:"Cisco IOS Software Traffic Optimization Features Multiple DoS");
  script_summary(english:"Checks the IOS version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Cisco IOS installed on the remote device is affected
by multiple denial of service vulnerabilities due to message parsing
flaws related to the Wide Area Application Services (WAAS) Express
feature and the Measurement, Aggregation, and Correlation Engine
(MACE) feature. A remote, unauthenticated attacker can exploit these
flaws, via crafted requests, to cause a device reload or consumption
of memory, resulting in a denial of service condition.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-mace
  # NOTE(review): the see_also value is a shortened link; presumably it
  # resolves to the advisory URL in the comment above - confirm.
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ec691d50");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120328-mace.");
  # CVSS v2 base vector: network-reachable, low complexity, no authentication,
  # availability impact only (complete).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/02");

  # "local" plugin type: the check logic reads data already stored in the KB
  # (version string, running-config) instead of probing the device itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value: "cpe:/o:cisco:ios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  # The check needs the KB key Host/Cisco/IOS/Version; presumably
  # cisco_ios_version.nasl is the plugin that populates it.
  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");
  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

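# Installed IOS release as recorded in the KB; the script stops here when the
# key is absent.
version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

vuln     = FALSE;
override = FALSE;

# Releases this plugin treats as affected.
vuln_versions = make_list(
  "15.2(2)T",
  "15.2(1)T1",
  "15.2(1)T",
  "15.2(1)GC1",
  "15.2(1)GC",
  "15.1(4)M3a",
  "15.1(4)M3",
  "15.1(4)M2",
  "15.1(4)M1",
  "15.1(4)M0b",
  "15.1(4)M0a",
  "15.1(4)M"
);

# Exact string comparison: a release string that differs in any character from
# the entries above is not flagged, even if it belongs to an affected train.
foreach ver (vuln_versions)
{
  if (ver == version)
  {
    vuln = TRUE;
    break;
  }
}

if (!vuln) audit(AUDIT_INST_VER_NOT_VULN, 'Cisco IOS', version);

# Cisco bug IDs that apply to this device, filled in from the running-config.
bugs = make_list();

# Check for WAAS Express or MACE
# NOTE(review): when local checks are not enabled, or the config cannot be read
# for a reason other than missing enable privileges, `bugs` stays empty and the
# host is audited as not affected even though its release matched. Treat that
# audit result as "feature state unknown" on scans without credentials.
if (vuln && get_kb_item("Host/local_checks_enabled"))
{
  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config",
                              "show running-config");
  if (check_cisco_result(buf))
  {
    # WAAS Express : 2 checks for WAAS Express to distinguish it from WAAS
    if (preg(multiline:TRUE, pattern:"^(parameter|policy)-map type waas ", string:buf) &&
        preg(multiline:TRUE, pattern:"^\s*waas enable", string:buf))
      bugs = make_list("CSCtt45381");
    # MACE check
    if (preg(multiline:TRUE, pattern:"^\s*mace enable", string:buf))
      bugs = make_list(bugs, "CSCtq64987", "CSCtu57226");
  }
  else if (cisco_needs_enable(buf))
  {
    # The config could not be read without enable privileges: report all three
    # bugs as potentially applicable and set `override` for cisco_caveat().
    bugs     = make_list("CSCtt45381", "CSCtq64987", "CSCtu57226");
    override = TRUE;
  }
}

if (empty(bugs)) audit(AUDIT_HOST_NOT, "affected");

if (report_verbosity > 0)
{
  # Report the release from the KB value rather than the leftover foreach
  # variable, so the output does not depend on how the loop above exited.
  report =
    '\n  Cisco bug IDs     : ' + join(bugs, sep:' / ') +
    '\n  Installed release : ' + version +
    '\n';
  security_hole(port:0, extra:report + cisco_caveat(override));
}
else security_hole(port:0, extra:cisco_caveat(override));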
