CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
55.5%
The remote Cisco Adaptive Security Appliance (ASA) device is affected by a denial of service vulnerability in the DHCPv6 relay feature due to improper validation of DHCPv6 packets. An unauthenticated, remote attacker can exploit this, via specially crafted DHCPv6 packets, to cause the device to reload.
#TRUSTED 78fe4bb6cb9c36287e94eed521496b4d18f55fdcdee5cc7c0dea2e210b3f9f63a509afa56f735862f16dad2a1907296527faa466c19ca59e2a468b47aee0843fe1e996b66b225bb0ad72b5d30a97e603da09b4c27715ba5973cfd27474ba941015eff8018973328f99f661e559f558c44deddcea9c2198d07a726580d238d769d96fbdc4a50ea11578699efe0f69b9462c6f0fba18009e8ff39cfb413e65c1824d17ac971b7dd332038682877f7a8ecd504dda86ad087c9c11357e6d3243646e8073457df9c82c2b13b4ee2c0323e77f44ae84e28db2bb4c02c4b0a5c2389bf08226e8529d3c3ba89dfd80671297a728cded167131b9e3888415654437224a65203896142fd0dc8e519f1217112bff8c3bdd30eb717c810e697135fa908b7da7f86f579bbe59649585c4ed8417865d26e79add6e45ed2bd5e82c6afbd5971e9c6fbed8a8294ecb6e7e8d4d25b9720ce303667701a71b572b80f2dd163d34b9bab3bd65eb083e1638287d9364d471f714df02b3a69b12d88c9ba6b6a4e5df6fceee2737ace41d5164ca33f4dff1ace1ba8236836eb68840a962c5ab68c4d64ce1798d392a9ca342105b61daa8216050cd0ec862b6bd4ed91aad1e16a98ba55f42ef13c21d62e04bf1dd11f1e75e6f23c777ea4d24256be0056aa94007e1b2c773ecbf53d9e20d220a0680c2f601fcb8dcde39ff878dd2e839f5340facbd09f311
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(90714);
script_version("1.8");
script_cvs_date("Date: 2019/11/20");
script_cve_id("CVE-2016-1367");
script_xref(name:"CISCO-SA", value:"cisco-sa-20160420-asa-dhcpv6");
script_xref(name:"CISCO-BUG-ID", value:"CSCus23248");
script_name(english:"Cisco Adaptive Security Appliance Software DHCPv6 Packet Handling DoS (cisco-sa-20160420-asa-dhcpv6)");
script_summary(english:"Checks the ASA version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The remote Cisco Adaptive Security Appliance (ASA) device is affected
by a denial of service vulnerability in the DHCPv6 relay feature due
to improper validation of DHCPv6 packets. An unauthenticated, remote
attacker can exploit this, via specially crafted DHCPv6 packets, to
cause the device to reload.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ac65dfd");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCus23248. Alternatively, disable the DHCPv6 relay feature.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1367");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/20");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:adaptive_security_appliance_software");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/Cisco/ASA", "Host/Cisco/ASA/model");
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
asa = get_kb_item_or_exit('Host/Cisco/ASA');
model = get_kb_item_or_exit('Host/Cisco/ASA/model');
ver = extract_asa_version(asa);
if (isnull(ver)) audit(AUDIT_FN_FAIL, 'extract_asa_version');
# Affected :
# Cisco ASA 5500-X Series Next-Generation Firewalls
# Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
# Cisco Adaptive Security Virtual Appliance (ASAv)
if (
model !~ '^55[0-9][0-9]-?X' &&
model !~ '^65[0-9][0-9]($|[^0-9])' &&
model !~ '^76[0-9][0-9]($|[^0-9])' &&
model != 'v' # reported by ASAv
) audit(AUDIT_HOST_NOT, "ASA 5500-X/6500/7600 or ASAv");
fixed_ver = NULL;
if (ver =~ "^9\.4[^0-9]" && check_asa_release(version:ver, patched:"9.4(1.1)"))
fixed_ver = "9.4(1.1)";
else
audit(AUDIT_INST_VER_NOT_VULN, "Cisco ASA software", ver);
override = FALSE;
# Check if DHCP6 relay is in play
if (get_kb_item("Host/local_checks_enabled"))
{
flag = FALSE;
buf = cisco_command_kb_item("Host/Cisco/Config/show-running-config-ipv6", "show running-config ipv6");
if (check_cisco_result(buf))
{
if ("ipv6 dhcprelay enable outside" >< buf) flag = TRUE;
}
else if (cisco_needs_enable(buf)) override = TRUE;
if (!flag && !override) audit(AUDIT_HOST_NOT, "affected because DHCP6 relaying is not enabled");
}
if (report_verbosity > 0)
{
report =
'\n Installed version : ' + ver +
'\n Fixed version : ' + fixed_ver +
'\n';
security_hole(port:0, extra:report+cisco_caveat(override));
}
else security_hole(port:0, extra:cisco_caveat(override));
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
55.5%