Cisco IOS Internet Key Exchange Version 2 DoS (cisco-sa-ikev2-9p23Jj2a)

#TRUSTED 24522709f605e7d42a4b01cd7b3d7bbb3d237c2d39c5b92c0838ee828c43e7234c79f6635f9753da8bb623cf95c5df24bdf68d655e19f16d616267a65c57cdd42ab7c646d6aa85125dcd5b07df2c36b3463b767b1f3781b4413119f7d9bcf5b0e2dfa3d0bca1cd0aea4f1a7afda51a918f3d59dff09b08079ca1d78ed7256925f1bfd8fa5116863504966ba074300031dc5c9f576aa485361674fb0930b7d62727ea305ebfee87adc06a7ed64bef620a9b87b50de44a6a4596a7fe92d7e5c054826fd9c45fa19e7e26bec38e597f36a23a6cfd6142326d1d0566dcf36908eb41a72ca1bcd97473fac540fe0dcfc1afdc72e33999beb3d0bb032f367f3a807fc3c5032f7c54cd0cc430b70be5e3922fd6131186521b0f5575b410672e490f2c84f1d91394e703ecbfd51b895d4876afc497d3929847e56b8b49ddcaf0b04b0db849c1392b2cc6a353c9be5ebe56cd6fe0c917bbca0f839ea6bce2b90c7ebfab5b9dea6ce9ad510ea82faefa9ecccc18e951541dc347313f145d8ea43e01c821e1fb58009f131f5aa20ab478a4868ff5b1072aeee4a783368a203c9559451093e1fb1cbeb17612e23d033a6ef3c74481839bd10e53d1e9a9996f219dca721110e832b0ca8c2ebeda0a16c68b1a692d470c7b9431f6845f8b0bf5cad6b2a8906bb0fd8fc243ef31c8f32365408698b08e5c5447fb4975c9218a312de99c413c43f2
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(137835);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/06/03");

  script_cve_id("CVE-2020-3230");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvp44397");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ikev2-9p23Jj2a");
  script_xref(name:"IAVA", value:"2020-A-0239-S");

  script_name(english:"Cisco IOS Internet Key Exchange Version 2 DoS (cisco-sa-ikev2-9p23Jj2a)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, IOS is affected by a denial of service (DoS) vulnerability in its Internet 
  Key Exchange (IKE) version 2 implementation due incorrect handling of IKEv2 SA-Init packets. An unauthenticated, 
  remote attacker can exploit this issue, by sending specially crafted IKEv2 SA-Inet packets to an affected host, to 
  cause a DoS condition.

  Please see the included Cisco BIDs and Cisco Security Advisory for more information.
  
  Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported 
  version");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?00835fb7");
  script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73388");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp44397");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvp44397");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3230");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/26");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include('ccf.inc');
include('cisco_workarounds.inc');

product_info = cisco::get_product_info(name:'Cisco IOS');

version_list = make_list(
  '15.1(2)T',
  '15.1(1)T4',
  '15.1(3)T2',
  '15.1(1)T1',
  '15.1(2)T0a',
  '15.1(3)T3',
  '15.1(1)T3',
  '15.1(2)T3',
  '15.1(2)T4',
  '15.1(1)T2',
  '15.1(3)T',
  '15.1(2)T2a',
  '15.1(3)T1',
  '15.1(1)T',
  '15.1(2)T2',
  '15.1(2)T1',
  '15.1(2)T5',
  '15.1(3)T4',
  '15.1(1)T5',
  '15.1(1)XB',
  '15.1(1)XB3',
  '15.1(1)XB1',
  '15.1(1)XB2',
  '15.1(4)XB4',
  '15.1(4)XB5',
  '15.1(4)XB6',
  '15.1(4)XB5a',
  '15.1(4)XB7',
  '15.1(4)XB8',
  '15.1(4)XB8a',
  '15.2(1)S',
  '15.2(2)S',
  '15.2(1)S1',
  '15.2(4)S',
  '15.2(1)S2',
  '15.2(2)S1',
  '15.2(2)S2',
  '15.2(4)S1',
  '15.2(4)S4',
  '15.2(4)S6',
  '15.2(4)S2',
  '15.2(4)S5',
  '15.2(4)S3',
  '15.2(4)S3a',
  '15.2(4)S4a',
  '15.2(4)S7',
  '15.2(4)S8',
  '15.3(1)T',
  '15.3(2)T',
  '15.3(1)T1',
  '15.3(1)T2',
  '15.3(1)T3',
  '15.3(1)T4',
  '15.3(2)T1',
  '15.3(2)T2',
  '15.3(2)T3',
  '15.3(2)T4',
  '15.0(2)EY',
  '15.0(2)EY1',
  '15.0(2)EY2',
  '15.0(2)EY3',
  '15.1(2)S',
  '15.1(1)S',
  '15.1(1)S1',
  '15.1(3)S',
  '15.1(1)S2',
  '15.1(2)S1',
  '15.1(2)S2',
  '15.1(3)S1',
  '15.1(3)S0a',
  '15.1(3)S2',
  '15.1(3)S4',
  '15.1(3)S3',
  '15.1(3)S5',
  '15.1(3)S6',
  '15.1(3)S5a',
  '15.1(3)S7',
  '15.1(4)M3',
  '15.1(4)M',
  '15.1(4)M1',
  '15.1(4)M2',
  '15.1(4)M6',
  '15.1(4)M5',
  '15.1(4)M4',
  '15.1(4)M0a',
  '15.1(4)M0b',
  '15.1(4)M7',
  '15.1(4)M3a',
  '15.1(4)M10',
  '15.1(4)M8',
  '15.1(4)M9',
  '15.1(4)M12a',
  '15.0(2)SE',
  '15.0(2)SE1',
  '15.0(2)SE2',
  '15.0(2)SE3',
  '15.0(2)SE4',
  '15.0(2)SE5',
  '15.0(2)SE6',
  '15.0(2)SE7',
  '15.0(2)SE8',
  '15.0(2)SE9',
  '15.0(2a)SE9',
  '15.0(2)SE10',
  '15.0(2)SE11',
  '15.0(2)SE10a',
  '15.0(2)SE12',
  '15.1(2)GC',
  '15.1(2)GC1',
  '15.1(2)GC2',
  '15.1(4)GC',
  '15.1(4)GC1',
  '15.1(4)GC2',
  '15.1(1)SG',
  '15.1(2)SG',
  '15.1(1)SG1',
  '15.1(1)SG2',
  '15.1(2)SG1',
  '15.1(2)SG2',
  '15.1(2)SG3',
  '15.1(2)SG4',
  '15.1(2)SG5',
  '15.1(2)SG6',
  '15.1(2)SG7',
  '15.1(2)SG8',
  '15.2(4)M',
  '15.2(4)M1',
  '15.2(4)M2',
  '15.2(4)M4',
  '15.2(4)M3',
  '15.2(4)M5',
  '15.2(4)M8',
  '15.2(4)M10',
  '15.2(4)M7',
  '15.2(4)M6',
  '15.2(4)M9',
  '15.2(4)M6b',
  '15.2(4)M6a',
  '15.2(4)M11',
  '15.0(2)EX',
  '15.0(2)EX1',
  '15.0(2)EX2',
  '15.0(2)EX3',
  '15.0(2)EX4',
  '15.0(2)EX5',
  '15.0(2)EX6',
  '15.0(2)EX7',
  '15.0(2)EX8',
  '15.0(2a)EX5',
  '15.2(1)GC',
  '15.2(1)GC1',
  '15.2(1)GC2',
  '15.2(2)GC',
  '15.2(3)GC',
  '15.2(3)GC1',
  '15.2(4)GC',
  '15.2(4)GC1',
  '15.2(4)GC2',
  '15.2(4)GC3',
  '15.1(1)SY',
  '15.1(1)SY1',
  '15.1(2)SY',
  '15.1(2)SY1',
  '15.1(2)SY2',
  '15.1(1)SY2',
  '15.1(1)SY3',
  '15.1(2)SY3',
  '15.1(1)SY4',
  '15.1(2)SY4',
  '15.1(1)SY5',
  '15.1(2)SY5',
  '15.1(2)SY4a',
  '15.1(1)SY6',
  '15.1(2)SY6',
  '15.1(2)SY7',
  '15.1(2)SY8',
  '15.1(2)SY9',
  '15.1(2)SY10',
  '15.1(2)SY11',
  '15.1(2)SY12',
  '15.1(2)SY13',
  '15.1(2)SY14',
  '15.3(1)S',
  '15.3(2)S',
  '15.3(3)S',
  '15.3(1)S2',
  '15.3(1)S1',
  '15.3(2)S2',
  '15.3(2)S1',
  '15.3(3)S1',
  '15.3(3)S2',
  '15.3(3)S3',
  '15.3(3)S6',
  '15.3(3)S4',
  '15.3(3)S5',
  '15.3(3)S2a',
  '15.3(3)S7',
  '15.3(3)S8',
  '15.3(3)S6a',
  '15.3(3)S9',
  '15.3(3)S10',
  '15.3(3)S8a',
  '15.4(1)T',
  '15.4(2)T',
  '15.4(1)T2',
  '15.4(1)T1',
  '15.4(1)T3',
  '15.4(2)T1',
  '15.4(2)T3',
  '15.4(2)T2',
  '15.4(1)T4',
  '15.4(2)T4',
  '15.2(1)E',
  '15.2(2)E',
  '15.2(1)E1',
  '15.2(3)E',
  '15.2(1)E2',
  '15.2(1)E3',
  '15.2(2)E1',
  '15.2(2b)E',
  '15.2(4)E',
  '15.2(3)E1',
  '15.2(2)E2',
  '15.2(2a)E1',
  '15.2(2)E3',
  '15.2(2a)E2',
  '15.2(3)E2',
  '15.2(3a)E',
  '15.2(3)E3',
  '15.2(3m)E2',
  '15.2(4)E1',
  '15.2(2)E4',
  '15.2(2)E5',
  '15.2(4)E2',
  '15.2(4m)E1',
  '15.2(3)E4',
  '15.2(5)E',
  '15.2(3m)E7',
  '15.2(4)E3',
  '15.2(2)E6',
  '15.2(5)E1',
  '15.2(5b)E',
  '15.2(4m)E3',
  '15.2(3m)E8',
  '15.2(2)E5a',
  '15.2(3)E5',
  '15.2(2)E5b',
  '15.2(4n)E2',
  '15.2(4o)E2',
  '15.2(5a)E1',
  '15.2(4)E4',
  '15.2(2)E7',
  '15.2(5)E2',
  '15.2(4p)E1',
  '15.2(6)E',
  '15.2(5)E2b',
  '15.2(4)E5',
  '15.2(5)E2c',
  '15.2(2)E8',
  '15.2(4m)E2',
  '15.2(4o)E3',
  '15.2(4q)E1',
  '15.2(6)E0a',
  '15.2(6)E1',
  '15.2(2)E7b',
  '15.2(4)E5a',
  '15.2(6)E0c',
  '15.2(4)E6',
  '15.2(6)E2',
  '15.2(2)E9',
  '15.2(6)E1a',
  '15.2(4)E7',
  '15.2(6)E1s',
  '15.2(4s)E1',
  '15.2(7)E',
  '15.2(2)E10',
  '15.2(4)E8',
  '15.2(2)E9a',
  '15.2(6)E2a',
  '15.2(7)E0a',
  '15.1(3)MRA',
  '15.1(3)MRA1',
  '15.1(3)MRA2',
  '15.1(3)MRA3',
  '15.1(3)MRA4',
  '15.4(1)S',
  '15.4(2)S',
  '15.4(3)S',
  '15.4(1)S1',
  '15.4(1)S2',
  '15.4(2)S1',
  '15.4(1)S3',
  '15.4(3)S1',
  '15.4(2)S2',
  '15.4(3)S2',
  '15.4(3)S3',
  '15.4(1)S4',
  '15.4(2)S3',
  '15.4(2)S4',
  '15.4(3)S0d',
  '15.4(3)S4',
  '15.4(3)S0e',
  '15.4(3)S5',
  '15.4(3)S0f',
  '15.4(3)S6',
  '15.4(3)S7',
  '15.4(3)S6a',
  '15.4(3)S8',
  '15.4(3)S9',
  '15.4(3)S10',
  '15.3(3)M',
  '15.3(3)M1',
  '15.3(3)M2',
  '15.3(3)M3',
  '15.3(3)M5',
  '15.3(3)M4',
  '15.3(3)M6',
  '15.3(3)M7',
  '15.3(3)M8',
  '15.3(3)M9',
  '15.3(3)M10',
  '15.3(3)M8a',
  '15.0(2)EZ',
  '15.2(2)SC1',
  '15.2(2)SC3',
  '15.2(2)SC4',
  '15.2(1)EY',
  '15.0(2)EJ',
  '15.0(2)EJ1',
  '15.2(1)SY',
  '15.2(1)SY1',
  '15.2(1)SY0a',
  '15.2(1)SY2',
  '15.2(2)SY',
  '15.2(1)SY1a',
  '15.2(2)SY1',
  '15.2(2)SY2',
  '15.2(1)SY3',
  '15.2(1)SY4',
  '15.2(2)SY3',
  '15.2(1)SY5',
  '15.2(1)SY6',
  '15.2(1)SY7',
  '15.2(1)SY8',
  '15.4(3)M',
  '15.4(3)M1',
  '15.4(3)M2',
  '15.4(3)M3',
  '15.4(3)M4',
  '15.4(3)M5',
  '15.4(3)M6',
  '15.4(3)M7',
  '15.4(3)M6a',
  '15.4(3)M7a',
  '15.4(3)M8',
  '15.4(3)M9',
  '15.4(3)M10',
  '15.2(4)JAZ1',
  '15.0(2)EK',
  '15.0(2)EK1',
  '15.3(3)XB12',
  '15.4(1)CG',
  '15.4(1)CG1',
  '15.4(2)CG',
  '15.5(1)S',
  '15.5(2)S',
  '15.5(1)S1',
  '15.5(3)S',
  '15.5(1)S2',
  '15.5(1)S3',
  '15.5(2)S1',
  '15.5(2)S2',
  '15.5(3)S1',
  '15.5(3)S1a',
  '15.5(2)S3',
  '15.5(3)S2',
  '15.5(3)S0a',
  '15.5(3)S3',
  '15.5(1)S4',
  '15.5(2)S4',
  '15.5(3)S4',
  '15.5(3)S5',
  '15.5(3)S6',
  '15.5(3)S6a',
  '15.5(3)S7',
  '15.5(3)S6b',
  '15.5(3)S8',
  '15.5(3)S9',
  '15.2(2)EB',
  '15.2(2)EB1',
  '15.2(2)EB2',
  '15.2(6)EB',
  '15.5(1)T',
  '15.5(1)T1',
  '15.5(2)T',
  '15.5(1)T2',
  '15.5(1)T3',
  '15.5(2)T1',
  '15.5(2)T2',
  '15.5(2)T3',
  '15.5(2)T4',
  '15.5(1)T4',
  '15.2(2)EA',
  '15.2(2)EA2',
  '15.2(3)EA',
  '15.2(4)EA',
  '15.2(4)EA1',
  '15.2(2)EA3',
  '15.2(5)EA',
  '15.2(4)EA4',
  '15.2(4)EA5',
  '15.2(4)EA6',
  '15.2(4)EA7',
  '15.2(4)EA8',
  '15.4(2)SN',
  '15.4(2)SN1',
  '15.4(3)SN1',
  '15.4(3)SN1a',
  '15.5(3)M',
  '15.5(3)M1',
  '15.5(3)M0a',
  '15.5(3)M2',
  '15.5(3)M2a',
  '15.5(3)M3',
  '15.5(3)M4',
  '15.5(3)M4a',
  '15.5(3)M5',
  '15.5(3)M4b',
  '15.5(3)M4c',
  '15.5(3)M6',
  '15.5(3)M7',
  '15.5(3)M6a',
  '15.5(3)M8',
  '15.5(3)M9',
  '15.3(3)JAA1',
  '15.5(1)SN',
  '15.5(1)SN1',
  '15.5(2)SN',
  '15.5(3)SN0a',
  '15.5(3)SN',
  '15.6(1)S',
  '15.6(2)S',
  '15.6(2)S1',
  '15.6(1)S1',
  '15.6(1)S2',
  '15.6(2)S2',
  '15.6(1)S3',
  '15.6(2)S3',
  '15.6(1)S4',
  '15.6(2)S4',
  '15.6(1)T',
  '15.6(2)T',
  '15.6(1)T0a',
  '15.6(1)T1',
  '15.6(2)T1',
  '15.6(1)T2',
  '15.6(2)T0a',
  '15.6(2)T2',
  '15.6(1)T3',
  '15.6(2)T3',
  '15.3(1)SY',
  '15.3(0)SY',
  '15.3(1)SY1',
  '15.3(1)SY2',
  '15.5(2)XB',
  '15.6(2)SP',
  '15.6(2)SP1',
  '15.6(2)SP2',
  '15.6(2)SP3',
  '15.6(2)SP4',
  '15.6(2)SP5',
  '15.6(2)SP6',
  '15.6(1)SN',
  '15.6(1)SN1',
  '15.6(2)SN',
  '15.6(1)SN2',
  '15.6(1)SN3',
  '15.6(3)SN',
  '15.6(4)SN',
  '15.6(5)SN',
  '15.6(6)SN',
  '15.6(7)SN',
  '15.6(7)SN1',
  '15.6(7)SN2',
  '15.6(3)M',
  '15.6(3)M1',
  '15.6(3)M0a',
  '15.6(3)M1a',
  '15.6(3)M1b',
  '15.6(3)M2',
  '15.6(3)M2a',
  '15.6(3)M3',
  '15.6(3)M3a',
  '15.6(3)M4',
  '15.6(3)M5',
  '15.6(3)M6',
  '15.6(3)M6a',
  '15.6(3)M6b',
  '15.2(4)EC1',
  '15.2(4)EC2',
  '15.4(1)SY',
  '15.4(1)SY1',
  '15.4(1)SY2',
  '15.4(1)SY3',
  '15.4(1)SY4',
  '15.5(1)SY',
  '15.5(1)SY1',
  '15.5(1)SY2',
  '15.5(1)SY3',
  '15.7(3)M',
  '15.7(3)M1',
  '15.7(3)M0a',
  '15.7(3)M3',
  '15.7(3)M2',
  '15.7(3)M4',
  '15.7(3)M4a',
  '15.7(3)M4b',
  '15.8(3)M',
  '15.8(3)M1',
  '15.8(3)M0a',
  '15.8(3)M0b',
  '15.8(3)M2',
  '15.8(3)M1a',
  '15.8(3)M2a',
  '12.2(6)I1',
  '15.3(3)JPI',
  '15.3(3)JPJ',
  '15.1(3)SVS'
);

workarounds = make_list(CISCO_WORKAROUNDS['show_udp_ike'], CISCO_WORKAROUNDS['IKEv2_enabled']);
workaround_params = make_list();

reporting = make_array(
  'port'     , product_info['port'],
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvp44397'
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  workarounds:workarounds,
  workaround_params:workaround_params,
  require_all_workarounds:TRUE,
  vuln_versions:version_list
);