CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
52.7%
According to its self-reported version, Cisco SD-WAN is affected by multiple vulnerabilities, including the following:
A denial of service (DoS) vulnerability exists in the VPN tunneling features of Cisco SD-WAN Software due to insufficient handling of malformed packets. An unauthenticated, remote attacker can exploit this, by sending crafted packets to an affected device, to cause the device to reboot, resulting in a DoS condition of the affected system. (CVE-2021-1241)
A denial of service (DoS) vulnerability exists in the IPSec tunnel management of Cisco SD-WAN Software due to the bounds checking in the forwarding plane of the IPSec tunnel management functionality. An unauthenticated, remote attacker can exploit this, by sending crafted IPv4 or IPv6 packets to the affected device, to cause a DoS condition. (CVE-2021-1273)
A denial of service (DoS) vulnerability exists in the UDP connection response of Cisco SD-WAN Software due to the presence of a null dereference in vDaemon. An unauthenticated, remote attacker can exploit this, by sending crafted traffic to an affected device, to cause a DoS condition. (CVE-2021-1274)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 6de7f1fe1318aa3da9b62d2d9ee0575c86784c348a2601f9ba246d264afe7ecd5f31ade622b1b336d5053f54e1d9b40d25ec091ba917740706439bad305825ee46d099a47ad2b40406eed3dba014fe8c6f8c17d42af227888a24d0d64b1d7fe788caa0e0736da440388c29854ee56fa16454f8b9c4b10ad13fdc697fcf38f04083d44ae3281336659f8dcfa759148b8b331ba590b063535024b3fef64658e07b4f51c091ec164ac210e60e59d5a53213922b4de8ef0a931c9ed189ba1ecc4c7d699007dc8abf3f3bedb1388903cf0778017f556e568409e2fc3bfcdacdf7d6fa0980e13ad9bae51e1439498b6a0f3873162352a4744ead56dc58c21de0042c02169bc689d9e53536ad5ee51127b9d65e147b40e9d8c7bead9d0d9a8e62173318389ff4ce9739a28716953fa0efc5d5281447f728818947b41edc2cb1d6245d5d8e54207fa094824f1678f4f6ee7a34eba58ec62c81d995f0e961a092bcd5f781d52d1a3a5ce36b23b9d23dea3ee20b89637faf33a05ed2459ae97768bbc9c08c9424da3bf31f19c2c26e4ea86e80ce4a8bfacd83b2e39f5e85da85ebbea5d19fc2f250b0f2f16f874795a422a33c1e6aa3510c68b1ec2a37807931c170fbd5f112915bb39b256529bd3673b9f50ce35b04753726dc11dfe3f4f80c5f44acb2b6e689b3428fee1a489e65e6c0047d6ded3ecb35f41e55733dacd78f346b7eb843
#TRUST-RSA-SHA256 5c94c2fb81eaa077107a956a2a9a5f6c6801b8278e42ea3cbeb46ce40ed96c80e4ae2b6c5e3ca23f3d183c8c77d27e4a1491dff4b9b47f30e9bcd5a8a502ffd66862b79a5177640e377b18e08c5c44e57e88958b65a82f5dc1441569674195425e0e37d12361aafba5348494a5bf1ea556cfbfc9ba616454d4975ae5ca73716e928ea21107b98ab4f6d6b201086f155fe54cef5492f387d16c399aa05e0c9897281ee153c0b0ba6c7fead8455d8c96f0a07218e8f587799b3cddb39c0cc76e365805e705b5089c3cccfa5e3244db19ba6eae41db895c311ff39bd6f5b37f1c392c93bc1f7f6a2f7b8a2232a48df83c0436a6db5c6847c4c47a50492ea9c4adc0f64ae983cc536a530476a0782741d81cf8a62145a84ff6f175f0f0a9785651ec7869fd0111584a411b1a4b3445ab68031abac9fd8280458d73718ed2657270428777a3d63147a78de9484a0f3477668d4606f1edc619a4cc01374ee4ffaf870d853d305119d8f6ac0dd950e7d7aae462a6d0a576ca5abbe9394ef3b8e73f6f34c3949ef019a2323db3bb3df65ef8839735c882b6bb1c0fed6531227c5ade165dc54674115dceadbb368057050a642458bbdb0c3d33983841479ab7463f5c5d56282ab39872c44ea250da87c28860c3a002ef799ef1df9a3d8b119565892dac6bfdd1f6f11bce114d716d71ee499915cfbdf71bced10dff567cfa6d3de95d05b3
##
# (C) Tenable Network Security, Inc.
##
include('compat.inc');
if (description)
{
script_id(145708);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/25");
script_cve_id(
"CVE-2021-1241",
"CVE-2021-1273",
"CVE-2021-1274",
"CVE-2021-1278",
"CVE-2021-1279"
);
script_xref(name:"CISCO-BUG-ID", value:"CSCvq20708");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt11522");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt11523");
script_xref(name:"CISCO-BUG-ID", value:"CSCvt11530");
script_xref(name:"CISCO-BUG-ID", value:"CSCvu28409");
script_xref(name:"CISCO-BUG-ID", value:"CSCvu31763");
script_xref(name:"CISCO-SA", value:"cisco-sa-sdwan-dosmulti-48jJuEUP");
script_xref(name:"IAVA", value:"2021-A-0045");
script_name(english:"Cisco SD-WAN DoS (cisco-sa-sdwan-dosmulti-48jJuEUP)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco SD-WAN is affected by multiple vulnerabilities, including the following:
- A denial of service (DoS) vulnerability exists in the VPN tunneling features of Cisco SD-WAN Software due
to insufficient handling of malformed packets. An unauthenticated, remote attacker can exploit this, by
sending crafted packets to an affected device, to cause the device to reboot, resulting in a DoS condition
of the affected system. (CVE-2021-1241)
- A denial of service (DoS) vulnerability exists in the IPSec tunnel management of Cisco SD-WAN Software due
to the bounds checking in the forwarding plane of the IPSec tunnel management functionality. An unauthenticated,
remote attacker can exploit this, by sending crafted IPv4 or IPv6 packets to the affected device, to cause
a DoS condition. (CVE-2021-1273)
- A denial of service (DoS) vulnerability exists in the UDP connection response of Cisco SD-WAN Software due
to the presence of a null dereference in vDaemon. An unauthenticated, remote attacker can exploit this, by
sending crafted traffic to an affected device, to cause a DoS condition. (CVE-2021-1274)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?05f6f0f0");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq20708");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt11522");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt11523");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt11530");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28409");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu31763");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvq20708, CSCvt11522, CSCvt11523, CSCvt11530,
CSCvu28409, and CSCvu31763.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1279");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 119, 787);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/20");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:sd-wan_firmware");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_vedge_detect.nbin");
script_require_keys("Cisco/Viptela/Version");
exit(0);
}
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco Viptela');
vuln_ranges = [
{ 'min_ver':'0', 'fix_ver':'18.4.6' },
{ 'min_ver':'19.2', 'fix_ver':'20.1.2' },
{ 'min_ver':'20.3', 'fix_ver':'20.3.1' },
{ 'min_ver':'20.4', 'fix_ver':'20.4.1' }
];
# 18.4.302 and 18.4.303 appear to be between 18.4.5
# 20.1.12 is between 20.1.1 and 20.1.2
version_list=make_list(
'18.4.302',
'18.4.303',
'20.1.12'
);
reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCvq20708, CSCvt11522, CSCvt11523, CSCvt11530, CSCvu28409, CSCvu31763',
'fix' , 'See vendor advisory',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list,
vuln_ranges:vuln_ranges
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1273
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1274
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1278
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1279
www.nessus.org/u?05f6f0f0
bst.cloudapps.cisco.com/bugsearch/bug/CSCvq20708
bst.cloudapps.cisco.com/bugsearch/bug/CSCvt11522
bst.cloudapps.cisco.com/bugsearch/bug/CSCvt11523
bst.cloudapps.cisco.com/bugsearch/bug/CSCvt11530
bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28409
bst.cloudapps.cisco.com/bugsearch/bug/CSCvu31763
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
52.7%