CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
48.4%
According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software. This could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device.The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. (CVE-2019-1712)
Please see the included Cisco BIDs and Cisco Security Advisory for more information
#TRUSTED 5a6230e8c26361f0c9d5d595f1db3d55674a00bbc7e4e5d6f6b398b972f92f6fd81fbd077676604f0afe823f6dd8da6ad99cc6fa6d17fbe7a9d39464e532c7a585ff3d7deac258f9a103821b9de153ddf22ee898bfacba48b2ce1510f9277f727e78b7e9502e8f70d1bc07490a90a5434b41d28876dcb22c7e90541f235934461d46c2dd725abb87cdf177ad294de4c271b0db8d7e53351317ca89fc08d7c6f54979875a722e88f6f9e5378e9203a1aedd147f1117212c92f88853ea7854678ad418e21b048b7dd94a98cec2815e5995077248862b2291178b6153601bc42a4aa9ed8813135d192ab03cc3ee4b7071cac884ff452c78e16122b3f589f6d97c86fe961072d04db180025df566c75defe29e05a3eec96749b4f93d258b34de5c7e7b162fa915000174126b91ec75a689676b8eafc84deb273f34fd539bd57eee3a751c7b331ddda853125753e0d3bdce9dc1edd352cd6f6c2789374110abe3f20cdf2ee8d3954be134688bf0c2cc196812e2fc62cb1cefbc0fc76564168a5f1ecdd705340632084ab0fac1956343be7e3ca4ca8565773170d3019ecbeab86ca77f77cd203992c98a99ecf3ffbbe8f4f8f4bfcfa0ac8fba0b4446979dba7ba85e5c384fc0610fa7b51d721bd7b54809f4fd2a93a0ff71725d1e48aeca192069b944841b5c94ef76b7f9d6736e567f5affb097201c73d4f44d333f56035935137991
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(126100);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/08");
script_cve_id("CVE-2019-1712");
script_xref(name:"CISCO-BUG-ID", value:"CSCvg43676");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190417-iosxr-pim-dos");
script_name(english:"Cisco IOS XR Software Protocol Independent Multicast Denial of Service Vulnerability");
script_summary(english:"Checks the version of Cisco IOS XR Software");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XR Software is
affected by a vulnerability in the Protocol Independent Multicast
(PIM) feature of Cisco IOS XR Software. This could allow an
unauthenticated, remote attacker to cause the PIM process to
restart, resulting in a denial of service condition on an affected
device.The vulnerability is due to the incorrect processing of
crafted AutoRP packets. An attacker could exploit this vulnerability
by sending crafted packets to port UDP 496 on a reachable IP address
on the device. A successful exploit could allow the attacker to cause
the PIM process to restart. (CVE-2019-1712)
Please see the included Cisco BIDs and Cisco Security Advisory for
more information");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxr-pim-dos
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?47555f76");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg43676");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvg43676");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1712");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/17");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/21");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xr_version.nasl");
script_require_keys("Host/Cisco/IOS-XR/Version", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");
product_info = cisco::get_product_info(name:"Cisco IOS XR");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
vuln_ranges = [
{'min_ver' : '4.0.0', 'fix_ver' : '6.2.3'},
{'min_ver' : '6.3.0', 'fix_ver' : '6.3.2', 'fix_display': '6.3.2 / 6.4.0'},
{'min_ver' : '6.5.0', 'fix_ver' : '6.5.1'},
];
workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();
reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCvg43676'
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_ranges:vuln_ranges
);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
48.4%