Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-ALG-DOS-HBBS7SZE-IOSXE.NASLHistoryAug 02, 2021 - 12:00 a.m.
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway DoS (cisco-sa-alg-dos-hbBS7SZE)
2021-08-0200:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
46
cisco
dns
nat
denial of service
network address translation
vulnerability
logic error
remote attack
cisco bid
security advisory
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
0.001
Percentile
48.6%
According to its self-reported version, Cisco IOS-XE Software is affected by a denial of service vulnerability in the DNS Application Layer Gateway (ALG) functionality used by Network Address Translation (NAT). The vulnerability is due to a logic error that occurs when an affected device inspects certain DNS packets. An unauthenticated, remote attacker can exploit this, by sending crafted DNS packets through an affected device that is performing NAT for DNS packets, to cause the device to reload.
Please see the included Cisco BID and Cisco Security Advisory for more information.
#TRUSTED 73718538d571ddd93af6ceb124f453a0eed6b397af242acf2d6f38ef1c8fbef98514f2c90c24e42ee80c58d76cbd742d9f81c9c62c16206f120a2189e40a6c62310a805ab37b4bbc2e3db2f08cb70185b68ea90737eb617b1156c7850b0112f148df6c779d88470d82e289a4424ab1f9b9f7441738a83664f9672f5e4acf665d1712e5fa40019219dfc7c4a2181e48adb8a4e2028c5b3cab22a516e530808f9f128efe752e2b6e43912c5c4b24405505e92c8e6ad3f45ffae80d69b0f1c05243ba23827ecc230dc11bcb9c0af492917c7036c78d04e5385773fe9a6c810544c56c68529756b6229890220867bdde44deaf2c9c6bd99c4c7d63aaf35ac4233e576291f15280531b839efe854ec047bcf71b2c2542649d8c5097cd01d72a7a99bc2ac5b38c4926b4d38538b55d5ddb4163fda10ff5b7207c2ea9fe6736d789d69ce6decce89d1dc3bab152881f71c0e0b53f2f1a1c7f496dafd0b2ac6e98aeab823db3629fadfac0c205636e1827ff52b468dfd6441326255630514377cce8d749ea7f8f1a9f455d1857c64588ae63ae304a44430f9f4e61ecdfb834c6b9bf74afde817fbaaddf3cebc7c844d547695b7015daeeb3d735b8652f4b952dbe1b7ab74c8525ada6861a61ffab795e2bd00dbf3c3cf8e56b6d86edb846402c2d6a7a9b795fbd2ce12a9cad197bb66fa8779bfa2e4347bff7ad22e3c9b795d41baef69a
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152176);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/08/03");
script_cve_id("CVE-2021-1446");
script_xref(name:"CISCO-BUG-ID", value:"CSCvv65113");
script_xref(name:"CISCO-SA", value:"cisco-sa-alg-dos-hbBS7SZE");
script_name(english:"Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway DoS (cisco-sa-alg-dos-hbBS7SZE)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a denial of service vulnerability in the
DNS Application Layer Gateway (ALG) functionality used by Network Address Translation (NAT). The vulnerability is due to
a logic error that occurs when an affected device inspects certain DNS packets. An unauthenticated, remote attacker can
exploit this, by sending crafted DNS packets through an affected device that is performing NAT for DNS packets, to cause
the device to reload.
Please see the included Cisco BID and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-hbBS7SZE
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f9821b8b");
script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74408");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv65113");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvv65113");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1446");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(754);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/24");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/02");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var version_list=make_list(
'3.7.0S',
'3.7.0bS',
'3.7.0xaS',
'3.7.0xbS',
'3.7.1S',
'3.7.1aS',
'3.7.2S',
'3.7.2tS',
'3.7.3S',
'3.7.4S',
'3.7.4aS',
'3.7.5S',
'3.7.6S',
'3.7.7S',
'3.7.8S',
'3.8.0S',
'3.8.1S',
'3.8.2S',
'3.9.0S',
'3.9.0aS',
'3.9.0xaS',
'3.9.1S',
'3.9.1aS',
'3.9.2S',
'3.10.0S',
'3.10.1S',
'3.10.1xbS',
'3.10.1xcS',
'3.10.2S',
'3.10.2aS',
'3.10.2tS',
'3.10.3S',
'3.10.4S',
'3.10.5S',
'3.10.6S',
'3.10.7S',
'3.10.8S',
'3.10.8aS',
'3.10.9S',
'3.10.10S',
'3.11.0S',
'3.11.1S',
'3.11.2S',
'3.11.3S',
'3.11.4S',
'3.12.0S',
'3.12.0aS',
'3.12.1S',
'3.12.2S',
'3.12.3S',
'3.12.4S',
'3.13.0S',
'3.13.0aS',
'3.13.1S',
'3.13.2S',
'3.13.2aS',
'3.13.3S',
'3.13.4S',
'3.13.5S',
'3.13.5aS',
'3.13.6S',
'3.13.6aS',
'3.13.6bS',
'3.13.7S',
'3.13.7aS',
'3.13.8S',
'3.13.9S',
'3.13.10S',
'3.14.0S',
'3.14.1S',
'3.14.2S',
'3.14.3S',
'3.14.4S',
'3.15.0S',
'3.15.1S',
'3.15.1cS',
'3.15.1xbS',
'3.15.2S',
'3.15.2xbS',
'3.15.3S',
'3.15.4S',
'3.16.0S',
'3.16.0aS',
'3.16.0bS',
'3.16.0cS',
'3.16.1S',
'3.16.1aS',
'3.16.2S',
'3.16.2aS',
'3.16.2bS',
'3.16.3S',
'3.16.3aS',
'3.16.4S',
'3.16.4aS',
'3.16.4bS',
'3.16.4cS',
'3.16.4dS',
'3.16.4eS',
'3.16.4gS',
'3.16.5S',
'3.16.5aS',
'3.16.5bS',
'3.16.6S',
'3.16.6bS',
'3.16.7S',
'3.16.7aS',
'3.16.7bS',
'3.16.8S',
'3.16.9S',
'3.16.10S',
'3.16.10aS',
'3.17.0S',
'3.17.1S',
'3.17.1aS',
'3.17.2S',
'3.17.3S',
'3.17.4S',
'3.18.0S',
'3.18.0SP',
'3.18.0aS',
'3.18.1S',
'3.18.1SP',
'3.18.1aSP',
'3.18.1bSP',
'3.18.1cSP',
'3.18.1gSP',
'3.18.1hSP',
'3.18.1iSP',
'3.18.2S',
'3.18.2SP',
'3.18.2aSP',
'3.18.3S',
'3.18.3SP',
'3.18.3aSP',
'3.18.3bSP',
'3.18.4S',
'3.18.4SP',
'3.18.5SP',
'3.18.6SP',
'3.18.7SP',
'3.18.8SP',
'3.18.8aSP',
'16.1.1',
'16.1.2',
'16.1.3',
'16.2.1',
'16.2.2',
'16.3.1',
'16.3.1a',
'16.3.2',
'16.3.3',
'16.3.4',
'16.3.5',
'16.3.5b',
'16.3.6',
'16.3.7',
'16.3.8',
'16.3.9',
'16.3.10',
'16.3.11',
'16.4.1',
'16.4.2',
'16.4.3',
'16.5.1',
'16.5.1a',
'16.5.1b',
'16.5.2',
'16.5.3',
'16.6.1',
'16.6.2',
'16.6.3',
'16.6.4',
'16.6.4a',
'16.6.4s',
'16.6.5',
'16.6.5a',
'16.6.5b',
'16.6.6',
'16.6.7',
'16.6.7a',
'16.6.8',
'16.7.1',
'16.7.1a',
'16.7.1b',
'16.7.2',
'16.7.3',
'16.7.4',
'16.8.1',
'16.8.1a',
'16.8.1b',
'16.8.1c',
'16.8.1d',
'16.8.1e',
'16.8.1s',
'16.8.2',
'16.8.3',
'16.9.1',
'16.9.1a',
'16.9.1b',
'16.9.1c',
'16.9.1d',
'16.9.1s',
'16.9.2',
'16.9.2a',
'16.9.2s',
'16.9.3',
'16.9.3a',
'16.9.3h',
'16.9.3s',
'16.9.4',
'16.9.4c',
'16.9.5',
'16.9.5f',
'16.9.6',
'16.10.1',
'16.10.1a',
'16.10.1b',
'16.10.1c',
'16.10.1d',
'16.10.1e',
'16.10.1f',
'16.10.1g',
'16.10.1s',
'16.10.2',
'16.10.3',
'16.11.1',
'16.11.1a',
'16.11.1b',
'16.11.1c',
'16.11.1s',
'16.11.2',
'16.12.1',
'16.12.1a',
'16.12.1c',
'16.12.1s',
'16.12.1t',
'16.12.1w',
'16.12.1x',
'16.12.1y',
'16.12.1z',
'16.12.1z1',
'16.12.1za',
'16.12.2',
'16.12.2a',
'16.12.2s',
'16.12.2t',
'16.12.3',
'16.12.3a',
'16.12.3s',
'16.12.4',
'16.12.4a',
'17.1.1',
'17.1.1a',
'17.1.1s',
'17.1.1t',
'17.1.2',
'17.2.1',
'17.2.1a',
'17.2.1r',
'17.2.1v',
'17.2.2',
'17.3.1',
'17.3.1a',
'17.3.1w'
);
var workarounds = make_list(CISCO_WORKAROUNDS['nat']);
var workaround_params = {'dns_alg_disabled': 1};
var reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_HOLE,
'bug_id' , 'CSCvv65113',
'version' , product_info['version']
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list
);
Related
cvelist
cvelist
cve
cve
CVE-2021-1446
2021-03-24 20:15:15
prion
prion
Design/Logic Flaw
2021-03-24 20:15:00
cisco
cisco
nvd
nvd
CVE-2021-1446
2021-03-24 20:15:15
ics
ics
Rockwell Automation Stratix Devices Containing Cisco IOS
2022-10-27 12:00:00
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
0.001
Percentile
48.6%
Related for CISCO-SA-ALG-DOS-HBBS7SZE-IOSXE.NASL