CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
88.6%
Cisco IOS Software contains four vulnerabilities related to Cisco IOS Zone-Based Firewall features. These vulnerabilities are as follows: - Memory Leak Associated with Crafted IP Packets
Memory Leak in HTTP Inspection
Memory Leak in H.323 Inspection
Memory Leak in SIP Inspection
Workarounds that mitigate these vulnerabilities are not available.
Cisco has released free software updates that address these vulnerabilities.
#TRUSTED 0ba3b7ffc784b547da97a5ef4e7708bdd0459bf905d65abdab49e921e88552bb62a3928279e164aefc1671c5a3b29d29f120821c42132523ca3ba34f06bafac2d1fb0e2343075a96ea468d27f1fcb9f77c5bc6895fda8be203192b208d00bbf0d0b9b456872d0c915191ec14427019f0f499535b1f1dd5ccde0cb3f1aea2ee24927018d68eefd060bb51100c45e306eba9107eeb480b23542112a8cd48778c895fa434c4aff48ca9e3f9081226b0ed9f070a364a8060afa7ab334d5d0c702517739013d899e463dd113c90cf08d5303da40bb23f5728a72a0e001b1b2ecaaf7f724d28fd3b7bd7995a0c4ddcd113a50ca9dc2e9eae0c4ee306e9a914737051c4857b336b947ff975e72b7712b725c66f7be6f38a1bfe8fcd7d4e1190d1c21296129d1d63e065e1386d9c4ccb0e501462a8c8b8907ce83cffbfe32003d5fef397c0b3ea611a6455bb789f4b22cb4c1173a7c085dae9ab77fdc5aac4a3476a697f914cc4c6aa15f09a3dfeb378ce0f6d00a221111c40a44a72a5c4686407d49db9a0ee578ad194d555ba9c165348b69c8c30f1c2998486390897a9e5d3bee432111940ebe3a08151d438d7a50d5ccd9fdc688f73f7fca5006567db14b74603d9f37cc61fb93413ee42bbcf5b2c4925cebcf554af8285dbab7a2a083c5a563645e95162b7439405c1ce6f3d17e83ec2ef6c694c494ff9e44f929a6bdb7fb5f892ed
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Cisco Security Advisory cisco-sa-20120328-zbfw.
# The text itself is copyright (C) Cisco
#
include("compat.inc");
if (description)
{
script_id(58574);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");
script_cve_id("CVE-2012-0387", "CVE-2012-0388", "CVE-2012-1310", "CVE-2012-1315");
script_bugtraq_id(52753);
script_xref(name:"CISCO-BUG-ID", value:"CSCti46171");
script_xref(name:"CISCO-BUG-ID", value:"CSCto89536");
script_xref(name:"CISCO-BUG-ID", value:"CSCtq36153");
script_xref(name:"CISCO-BUG-ID", value:"CSCtq45553");
script_xref(name:"CISCO-SA", value:"cisco-sa-20120328-zbfw");
script_name(english:"Cisco IOS Software Zone-Based Firewall Vulnerabilities (cisco-sa-20120328-zbfw)");
script_summary(english:"Checks the IOS version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"Cisco IOS Software contains four vulnerabilities related to Cisco IOS
Zone-Based Firewall features. These vulnerabilities are as follows: -
Memory Leak Associated with Crafted IP Packets
- Memory Leak in HTTP Inspection
- Memory Leak in H.323 Inspection
- Memory Leak in SIP Inspection
Workarounds that mitigate these vulnerabilities are not available.
Cisco has released free software updates that address these
vulnerabilities."
);
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?45aa6925"
);
script_set_attribute(
attribute:"solution",
value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20120328-zbfw."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/28");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
script_family(english:"CISCO");
script_dependencies("cisco_ios_version.nasl");
script_require_keys("Host/Cisco/IOS/Version");
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
flag = 0;
override = 0;
version = get_kb_item_or_exit("Host/Cisco/IOS/Version");
if ( version == '12.4(15)XZ' ) flag++;
if ( version == '12.4(15)XZ1' ) flag++;
if ( version == '12.4(15)XZ2' ) flag++;
if ( version == '12.4(20)MR' ) flag++;
if ( version == '12.4(20)MR2' ) flag++;
if ( version == '12.4(20)MRA' ) flag++;
if ( version == '12.4(20)MRA1' ) flag++;
if ( version == '12.4(20)MRB' ) flag++;
if ( version == '12.4(20)MRB1' ) flag++;
if ( version == '12.4(20)T' ) flag++;
if ( version == '12.4(20)T1' ) flag++;
if ( version == '12.4(20)T2' ) flag++;
if ( version == '12.4(20)T3' ) flag++;
if ( version == '12.4(20)T4' ) flag++;
if ( version == '12.4(20)T5' ) flag++;
if ( version == '12.4(20)T6' ) flag++;
if ( version == '12.4(20)YA' ) flag++;
if ( version == '12.4(20)YA1' ) flag++;
if ( version == '12.4(20)YA2' ) flag++;
if ( version == '12.4(20)YA3' ) flag++;
if ( version == '12.4(22)GC1' ) flag++;
if ( version == '12.4(22)GC1a' ) flag++;
if ( version == '12.4(22)MD' ) flag++;
if ( version == '12.4(22)MD1' ) flag++;
if ( version == '12.4(22)MD2' ) flag++;
if ( version == '12.4(22)MDA' ) flag++;
if ( version == '12.4(22)MDA1' ) flag++;
if ( version == '12.4(22)MDA2' ) flag++;
if ( version == '12.4(22)MDA3' ) flag++;
if ( version == '12.4(22)MDA4' ) flag++;
if ( version == '12.4(22)MDA5' ) flag++;
if ( version == '12.4(22)MDA6' ) flag++;
if ( version == '12.4(22)T' ) flag++;
if ( version == '12.4(22)T1' ) flag++;
if ( version == '12.4(22)T2' ) flag++;
if ( version == '12.4(22)T3' ) flag++;
if ( version == '12.4(22)T4' ) flag++;
if ( version == '12.4(22)T5' ) flag++;
if ( version == '12.4(22)XR' ) flag++;
if ( version == '12.4(22)XR1' ) flag++;
if ( version == '12.4(22)XR10' ) flag++;
if ( version == '12.4(22)XR11' ) flag++;
if ( version == '12.4(22)XR12' ) flag++;
if ( version == '12.4(22)XR2' ) flag++;
if ( version == '12.4(22)XR3' ) flag++;
if ( version == '12.4(22)XR4' ) flag++;
if ( version == '12.4(22)XR5' ) flag++;
if ( version == '12.4(22)XR6' ) flag++;
if ( version == '12.4(22)XR7' ) flag++;
if ( version == '12.4(22)XR8' ) flag++;
if ( version == '12.4(22)XR9' ) flag++;
if ( version == '12.4(22)YB' ) flag++;
if ( version == '12.4(22)YB1' ) flag++;
if ( version == '12.4(22)YB4' ) flag++;
if ( version == '12.4(22)YB5' ) flag++;
if ( version == '12.4(22)YB6' ) flag++;
if ( version == '12.4(22)YB7' ) flag++;
if ( version == '12.4(22)YB8' ) flag++;
if ( version == '12.4(22)YD' ) flag++;
if ( version == '12.4(22)YD1' ) flag++;
if ( version == '12.4(22)YD2' ) flag++;
if ( version == '12.4(22)YD3' ) flag++;
if ( version == '12.4(22)YD4' ) flag++;
if ( version == '12.4(22)YE' ) flag++;
if ( version == '12.4(22)YE1' ) flag++;
if ( version == '12.4(22)YE2' ) flag++;
if ( version == '12.4(22)YE3' ) flag++;
if ( version == '12.4(22)YE4' ) flag++;
if ( version == '12.4(22)YE5' ) flag++;
if ( version == '12.4(22)YE6' ) flag++;
if ( version == '12.4(24)GC1' ) flag++;
if ( version == '12.4(24)GC3' ) flag++;
if ( version == '12.4(24)GC3a' ) flag++;
if ( version == '12.4(24)GC4' ) flag++;
if ( version == '12.4(24)MD' ) flag++;
if ( version == '12.4(24)MD1' ) flag++;
if ( version == '12.4(24)MD2' ) flag++;
if ( version == '12.4(24)MD3' ) flag++;
if ( version == '12.4(24)MD4' ) flag++;
if ( version == '12.4(24)MD5' ) flag++;
if ( version == '12.4(24)MD6' ) flag++;
if ( version == '12.4(24)MDA1' ) flag++;
if ( version == '12.4(24)MDA10' ) flag++;
if ( version == '12.4(24)MDA2' ) flag++;
if ( version == '12.4(24)MDA3' ) flag++;
if ( version == '12.4(24)MDA4' ) flag++;
if ( version == '12.4(24)MDA5' ) flag++;
if ( version == '12.4(24)MDA6' ) flag++;
if ( version == '12.4(24)MDA7' ) flag++;
if ( version == '12.4(24)MDA8' ) flag++;
if ( version == '12.4(24)MDA9' ) flag++;
if ( version == '12.4(24)MDB' ) flag++;
if ( version == '12.4(24)MDB1' ) flag++;
if ( version == '12.4(24)MDB3' ) flag++;
if ( version == '12.4(24)MDB4' ) flag++;
if ( version == '12.4(24)MDB5' ) flag++;
if ( version == '12.4(24)T' ) flag++;
if ( version == '12.4(24)T1' ) flag++;
if ( version == '12.4(24)T2' ) flag++;
if ( version == '12.4(24)T3' ) flag++;
if ( version == '12.4(24)T3c' ) flag++;
if ( version == '12.4(24)T3e' ) flag++;
if ( version == '12.4(24)T3f' ) flag++;
if ( version == '12.4(24)T4' ) flag++;
if ( version == '12.4(24)T4a' ) flag++;
if ( version == '12.4(24)T4b' ) flag++;
if ( version == '12.4(24)T4c' ) flag++;
if ( version == '12.4(24)T5' ) flag++;
if ( version == '12.4(24)T6' ) flag++;
if ( version == '12.4(24)YE' ) flag++;
if ( version == '12.4(24)YE1' ) flag++;
if ( version == '12.4(24)YE2' ) flag++;
if ( version == '12.4(24)YE3' ) flag++;
if ( version == '12.4(24)YE3a' ) flag++;
if ( version == '12.4(24)YE3b' ) flag++;
if ( version == '12.4(24)YE3c' ) flag++;
if ( version == '12.4(24)YE4' ) flag++;
if ( version == '12.4(24)YE5' ) flag++;
if ( version == '12.4(24)YE6' ) flag++;
if ( version == '12.4(24)YE7' ) flag++;
if ( version == '12.4(24)YG1' ) flag++;
if ( version == '12.4(24)YG2' ) flag++;
if ( version == '12.4(24)YG3' ) flag++;
if ( version == '15.0(1)M' ) flag++;
if ( version == '15.0(1)M1' ) flag++;
if ( version == '15.0(1)M2' ) flag++;
if ( version == '15.0(1)M3' ) flag++;
if ( version == '15.0(1)M4' ) flag++;
if ( version == '15.0(1)M5' ) flag++;
if ( version == '15.0(1)M6' ) flag++;
if ( version == '15.0(1)M6a' ) flag++;
if ( version == '15.0(1)M7' ) flag++;
if ( version == '15.0(1)XA' ) flag++;
if ( version == '15.0(1)XA1' ) flag++;
if ( version == '15.0(1)XA2' ) flag++;
if ( version == '15.0(1)XA3' ) flag++;
if ( version == '15.0(1)XA4' ) flag++;
if ( version == '15.0(1)XA5' ) flag++;
if ( version == '15.1(1)T' ) flag++;
if ( version == '15.1(1)T1' ) flag++;
if ( version == '15.1(1)T2' ) flag++;
if ( version == '15.1(1)T3' ) flag++;
if ( version == '15.1(1)T4' ) flag++;
if ( version == '15.1(1)XB' ) flag++;
if ( version == '15.1(1)XB1' ) flag++;
if ( version == '15.1(1)XB2' ) flag++;
if ( version == '15.1(1)XB3' ) flag++;
if ( version == '15.1(2)GC' ) flag++;
if ( version == '15.1(2)GC1' ) flag++;
if ( version == '15.1(2)T' ) flag++;
if ( version == '15.1(2)T0a' ) flag++;
if ( version == '15.1(2)T1' ) flag++;
if ( version == '15.1(2)T2' ) flag++;
if ( version == '15.1(2)T2a' ) flag++;
if ( version == '15.1(2)T3' ) flag++;
if ( version == '15.1(2)T4' ) flag++;
if ( version == '15.1(3)T' ) flag++;
if ( version == '15.1(3)T1' ) flag++;
if ( version == '15.1(3)T2' ) flag++;
if ( version == '15.1(4)M' ) flag++;
if ( version == '15.1(4)M0a' ) flag++;
if ( version == '15.1(4)M0b' ) flag++;
if ( version == '15.1(4)M1' ) flag++;
if ( version == '15.1(4)M2' ) flag++;
if ( version == '15.1(4)XB4' ) flag++;
if ( version == '15.1(4)XB5' ) flag++;
if ( version == '15.1(4)XB5a' ) flag++;
if ( version == '15.1(4)XB6' ) flag++;
if ( version == '15.2(1)GC' ) flag++;
if ( version == '15.2(1)GC1' ) flag++;
if ( version == '15.2(1)T' ) flag++;
if ( version == '15.2(1)T1' ) flag++;
if (get_kb_item("Host/local_checks_enabled"))
{
if (flag)
{
flag = 0;
buf = cisco_command_kb_item("Host/Cisco/Config/show_zone_security", "show zone security");
if (check_cisco_result(buf))
{
if (preg(pattern:"Member Interfaces:", multiline:TRUE, string:buf)) { flag = 1; }
}
buf = cisco_command_kb_item("Host/Cisco/Config/show_policy-map_type_inspect_zone-pair", "show policy-map type inspect zone-pair");
if (check_cisco_result(buf))
{
if (preg(pattern:"Match: protocol http", multiline:TRUE, string:buf)) { flag = 1; }
if (preg(pattern:"Match: protocol h323", multiline:TRUE, string:buf)) { flag = 1; }
if (preg(pattern:"Match: protocol sip", multiline:TRUE, string:buf)) { flag = 1; }
} else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
}
}
if (flag)
{
security_hole(port:0, extra:cisco_caveat(override));
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");