Cisco IOS XE ANI IPv6 Packets DoS (cisco-sa-20170320-aniipv6)

#TRUSTED 38a19ffbd6fa57428c595e2b2b6b76ea9771226a3dfe0e63407dd23315b5ca7c47260634f2f28025efcdbcb4cacc03c056d732a2110145870a7c8af7b2529bedf7d612cdb0f38fc48c9309fca1c492a3dd84131b8814c43c8788696e3377a636c1c8948056b565c2356e812b90fc150e22f84223c6fdfc36bb92ab309230147c0b573d3c9a97f44c98a4474623a6f8936ade4bc6a9b205fe5ff42e6a93b231ebcf7755ab5f0e1afb763a9d5a2cd068076faebeea5a562ba7655032d59c31ec11b0fc33ac29f57853c7a8399e84f706c59d927be7e268365f726e2d7e99e48003e7944d70aa918fa3ecac0063d4ef57210386a006d11d41a30d62f6310ab601bdd1ea50aba00d15837afed48469423e1e4b26fe80c49adc1f0fd1021388d1a38118aab97cd096830874e1e34f7cf7c188d2542ef1a0066e6c747547c8a929cc4346296f7d4b4dfb4da0a98ffaa03f60308c995fe3ef30d75ab3e74e9dcbce287a21c51f2d1bc9c5ebafae28d07265bd79068cdff2b83b2ba589ac7a0b4d9d153f7be390714c0428616d437ce96c41712c873569fffaeb8662fcc12668a69b3a3eb63cc04160712ac9b7f652724948dc67ccbc3e5a4b9304ccd6b56711ffb01d61f18538d0217ab50eea059ac0fa9e0ec6fad64f0f43e40fd19497f220a51dd9db7a120d88f4458e839b3e9bd1657ad5d83d49b333e31efc4e790eee151a3e5460
#TRUST-RSA-SHA256 10b8561c924750b3df85c9908fb0cc2157dfa71b3f3a27c23d32e0c2606979343d09d604be5ab23391932c8a61844b8ae4288ef304d02a6c4d992b81d313bf4747cfe316b9cdaa797b9ed4981cc822c68a199e049bf3c222b0cdcbc732016fb90d540a98f6f827afc9b9f87082ba6f7714d597ec89fdcd44bade3ee429e682539eec72a9b59619d3538efa9e9a92829fce132390cfc89a298acfc3c9246e3d32fa17b3aabbbc2cdc57321c8a7d8e6c98020b5e2234b43117e3f7ce95188fce2ccd10c1ad91ffe13e8b4917e77e7968c453083f3ccbda98db1f3a339e5e1475c28ac2a8085e1aaf83aa808142e579896d8d016b0f3fa08de47e96333138ffd26190b444d5f9e7d334f3be1bbf548cbc8f50eae0a5682f7a94786d44bff63741ca22f36ab365f0cb9f9df3a6c5b7492cd58a1c64797eed2ccc95099d102bfe76023542d26c3aca4c96fdded67d4337cea623c0544bcb7cf6954614c3ee3a904cb408f3225ff8af6a9f38d8d7d182b70f5a9758c96b43ed1c9aa2c022d7107da1b1d7fbcdc3ffa03138bf6c5541247f64592b8839766bb3b748b7a850f256ee74f25e85a7cbf8cf820fe1c405bcfaa045714ba1cb69047d6ba59f66484ad9d6e63d5d1e7e232035b67d427da21dd59234f5d1a06144a2529f7d436b2ba83de08b05ed50279370032852e9aa3dddedd1a6ae948cc8de192dbeffb50158db7e26286d
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97946);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");

  script_cve_id("CVE-2017-3850");
  script_bugtraq_id(96971);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvc42729");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20170320-aniipv6");

  script_name(english:"Cisco IOS XE ANI IPv6 Packets DoS (cisco-sa-20170320-aniipv6)");
  script_summary(english:"Checks the IOS XE version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco IOS XE software
running on the remote device is affected by a denial of service
vulnerability in the Autonomic Networking Infrastructure (ANI)
component due to incomplete input validation of certain crafted IPv6
packets. An unauthenticated, remote attacker can exploit this issue,
via specially crafted IPv6 packets, to cause the device to reload.

Note that this issue only affect devices with ANI enabled that have a
reachable IPv6 interface.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d249229");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20170320-aniipv6.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3850");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/24");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");

product_info = cisco::get_product_info(name:"Cisco IOS XE Software");

version_list = make_list(
  '3.10.0S',
  '3.10.1S',
  '3.10.2S',
  '3.10.3S',
  '3.10.4S',
  '3.10.5S',
  '3.10.6S',
  '3.10.7S',
  '3.10.1xbS',
  '3.10.8S',
  '3.11.1S',
  '3.11.2S',
  '3.11.0S',
  '3.11.3S',
  '3.11.4S',
  '3.12.1S',
  '3.12.2S',
  '3.12.3S',
  '3.12.0aS',
  '3.12.4S',
  '3.13.0S',
  '3.13.1S',
  '3.13.2S',
  '3.13.3S',
  '3.13.4S',
  '3.13.5S',
  '3.13.0aS',
  '3.13.5aS',
  '3.13.6S',
  '3.13.6aS',
  '3.14.0S',
  '3.14.1S',
  '3.14.2S',
  '3.14.3S',
  '3.14.4S',
  '3.15.0S',
  '3.15.1S',
  '3.15.2S',
  '3.15.1cS',
  '3.15.3S',
  '3.15.4S',
  '3.7.0E',
  '3.7.1E',
  '3.7.2E',
  '3.7.3E',
  '3.7.4E',
  '3.7.5E',
  '3.16.0S',
  '3.16.1S',
  '3.16.1aS',
  '3.16.2S',
  '3.16.2aS',
  '3.16.0cS',
  '3.16.3S',
  '3.16.2bS',
  '3.16.3aS',
  '3.16.4S',
  '3.16.4aS',
  '3.16.4bS',
  '3.16.5S',
  '3.16.4dS',
  '3.17.0S',
  '3.17.1S',
  '3.17.2S ',
  '3.17.1aS',
  '3.17.3S',
  '3.8.0E',
  '3.8.1E',
  '3.8.2E',
  '3.8.3E',
  '3.18.0aS',
  '3.18.0S',
  '3.18.1S',
  '3.18.2S',
  '3.18.3vS',
  '3.18.0SP',
  '3.18.1SP',
  '3.18.1aSP',
  '3.18.1bSP',
  '3.9.0E',
  '3.9.1E'
  );

workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
workaround_params = WORKAROUND_CONFIG['ipv6_enabled'];

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , "CSCvc42729",
  'cmds'     , make_list("show running-config")
);

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);