CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
Low
EPSS
Percentile
84.9%
According to its self-reported version, the version of Cisco IOS XE running on the remote host is affected by two unspecified denial of service vulnerabilities in the multicast DNS (mDNS) implementation. A remote attacker can exploit this issue by sending a specially crafted mDNS packet to cause the device to reload.
Note that mDNS is enabled by default if the fix for bug CSCum51028 has not been applied.
#TRUSTED 810f99d9d0d55a4cf79fb35251119c0254a8a4617806dc497681341395f8058e86d87c5eecb0120107ca3dcba0cb8b0a60750fe9c22fcc8ed673f846f4260c53b25da4cf7b6eb4c299e332a04b771f9dac8697ab06b8b4f6c7fb65093bea0f95c210e2263e508c6bed10a5dcc03a0fed63748bb24ecfb623d1721c39ca4f4c5db8bf1826a1a5730f367c3211c22ca0499af463ff54a3bbec02963b857006f3a87167c42079a47d9692a70bfce1f2f8ff3e385bd54278f64b51080e39f1171a8174afaa813fb7afc68445fe500d4220cbdbf83e763fb8864a9cb9cb678edbf280021790c8e249b9dc5ef94d96740e7f188853d807624040878b25269f71e9782bf87b078e8e35be0111253bd69b7d0aab954c1b05f53f0095ef2e349e51d1578ebe2ac229575dd5fcf85366e50986e6691a54e0406168e6ef2b65c92b460fcc83b6100120fd3f24f118b11e51bef2975cd5fcee90269027c00c863094c895533c4a769933a292ed7b962082d061cc9e99b14ab2e8d729375ef489f3f0f498e779ecb2bf30d7e33195a9b4ab0196b5c02ca34051672ca26694ff33d388e303cca7e95e6cd5196c87f87462856d5e7840af5d29bc5c377549b5de7f1ea18c5c1c1a3f4ccf3badab71a38fa9e1cf1d186d6e2d70e954afd561a1a257fabf8fa2541bb964cfd4c8b3f2e067f6ab086f4ed6292d47ffd63ce98f532df6a310c0347af0
#TRUST-RSA-SHA256 74745159246318d12885a869fbd190f982c29154c724e35168189bbfe406a73f519068223843d6f6ed5458a47a99de3a9f4bc4ea8661088712a8f1ad94bf04c31a183bc3909b1b92fa52f298b3c3d13fb1acdbf03ba55be16fa692ec9bac899011dd2d478e07c12fad9396c7cdd0bcd6d11e07188892ba7898e19c58630e328e6a3cd79b8463a3815f8cf5a82f3df4e5aa3d2adc72d2e8203a6b98fac3d9382273199fe3c5eab496555169f8bc6672ef93edb3635318b92c3d84fdd310c22cea6424378c1aa67dd9f161705a0fb887611832cd2bb2c6235399caae44e65192d6c359f4db2dd190a66a7751011159cf3b0bcfa001f732417b3aa70ab08cc9864b8cb60e75a32da4667fe85728ae3e559fd0899a0197abf065898eec1f4255988e522f3e3d5f601530067be23c59be65bdc51e4d195f4bca64d335d9ceeaaa0f87b13f01130b359b921d9ddf17906180d0ceef4b165667cb72a2cbbbb8e8ccc50efbdf047fdae58811e4253294645cb2c8074def784d7f19f21091e1811d53b75cd4d5e5a9f02ae17e214a40d22b23ca1cb6a1478fa61079fb1f731f8557df4a040486cb75e833ec42ed309ca51c8aca640f90b586f9f409ac6632c91164fcff6423fb001a03c6910aeaa6f9615f88b4adbf5ea386fdf36da84575d4f41a1e1d395f56c2699ddd7ecd46e59ff317a4b52b1fb64baf4ffbf4d7ed0f51e72eb3e10b
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(78030);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2014-3357", "CVE-2014-3358");
script_bugtraq_id(70132, 70139);
script_xref(name:"CISCO-BUG-ID", value:"CSCuj58950");
script_xref(name:"CISCO-BUG-ID", value:"CSCul90866");
script_xref(name:"CISCO-SA", value:"cisco-sa-20140924-mdns");
script_name(english:"Cisco IOS XE Software Multiple mDNS Gateway DoS Vulnerabilities (cisco-sa-20140924-mdns)");
script_summary(english:"Checks the IOS XE version.");
script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the version of Cisco IOS XE
running on the remote host is affected by two unspecified denial of
service vulnerabilities in the multicast DNS (mDNS) implementation. A
remote attacker can exploit this issue by sending a specially crafted
mDNS packet to cause the device to reload.
Note that mDNS is enabled by default if the fix for bug CSCum51028 has
not been applied.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e2f51db1");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAMBAlert.x?alertId=35023");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=35607");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=35608");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCuj58950");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCul90866");
script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20140924-mdns.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/24");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2024 Tenable Network Security, Inc.");
script_family(english:"CISCO");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
ver = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version");
app = "Cisco IOS XE";
cbi = "CSCuj58950 and CSCul90866";
fixed_ver = NULL;
if (
ver =~ "^2\.[16]\.[0-2]$" ||
ver =~ "^2\.2\.[1-3]$" ||
ver =~ "^2\.3\.([02]|[01]t)$" ||
ver =~ "^2\.4\.[01]$" ||
ver == "2.5.0" ||
ver =~ "^3\.1\.[0-3]S$" ||
ver =~ "^3\.[2356]\.[0-2]S$" ||
ver =~ "^3\.4\.[0-6]S$" ||
ver =~ "^3\.7\.[0-4]S$"
)
fixed_ver = "3.7.6S";
else if (
ver =~ "^3\.2\.[0-3]SE$" ||
ver =~ "^3\.3\.[01]SE$"
)
fixed_ver = "3.3.2SE";
else if (ver =~ "^3\.3\.[0-2]SG$")
{
cbi = "CSCuj58950";
fixed_ver = "3.4.4SG";
}
else if (ver =~ "^3\.4\.[0-3]SG$")
fixed_ver = "3.4.4SG";
else if (ver == "3.3.0XO")
fixed_ver = "3.3.1XO";
else if (ver == "3.5.0E")
fixed_ver = "3.5.2E";
else if (
ver =~ "^3\.8\.[0-2]S$" ||
ver =~ "^3\.9\.[01]S$" ||
ver =~ "^3\.10\.(0|0a)S$"
)
fixed_ver = "3.10.4S";
else if (ver =~ "^3\.11\.[12]S$")
fixed_ver = "3.12.0S";
if (isnull(fixed_ver)) audit(AUDIT_INST_VER_NOT_VULN, app, ver);
# mDNS check
override = FALSE;
if (get_kb_item("Host/local_checks_enabled"))
{
flag = FALSE;
buf = cisco_command_kb_item("Host/Cisco/Config/show_udp", "show udp");
if (check_cisco_result(buf))
{
if (preg(multiline:TRUE, pattern:"^17\S+\s+\S+\s+5353\s+", string:buf)) flag = TRUE;
}
else if (cisco_needs_enable(buf)) override = TRUE;
if (!flag && !override) audit(AUDIT_HOST_NOT, "affected because mDNS is not enabled.");
}
if (report_verbosity > 0)
{
report +=
'\n Cisco bug ID : ' + cbi +
'\n Installed release : ' + ver +
'\n Fixed release : ' + fixed_ver +
'\n';
security_hole(port:0, extra:report+cisco_caveat(override));
}
else security_hole(port:0, extra:cisco_caveat(override));
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3358
www.nessus.org/u?e2f51db1
tools.cisco.com/bugsearch/bug/CSCuj58950
tools.cisco.com/bugsearch/bug/CSCul90866
tools.cisco.com/security/center/viewAlert.x?alertId=35607
tools.cisco.com/security/center/viewAlert.x?alertId=35608
tools.cisco.com/security/center/viewAMBAlert.x?alertId=35023