Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.CISCO-SN-CSCUQ93406-IOS.NASL
HistoryNov 07, 2014 - 12:00 a.m.

Cisco IOS Software Ethernet Connectivity Fault Management (CFM) DoS

2014-11-0700:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
32

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.009

Percentile

82.5%

JSON

The remote Cisco device is affected by a denial of service vulnerability due to due to improper parsing of malformed Ethernet Connectivity Fault Management (CFM) packets. A remote, unauthenticated attacker, using specially crafted CFM packets, could trigger a denial of service condition, resulting in a reload of the device.

#TRUSTED 12435477e7e36d2ffecc0f92ec6f07be20a1197c364c6ee4f6cac71e0f29d198edc7c0b063d2b0fb0ff717cb6ab8c02602ebe2ce199313941e99194d77aea44750b852c2a4872cb5a6361d011799aa91877f56f70a18e2e3fd4d41abb006b483a561a1cd7208cea59292e8ca2e89dc4052a651a679a3a5a121e28eb35a7c0e057a6ea5294641627db92510c95e3aaed9f1b05d826795c388bb1c14bc8d60f09062ae2b92aac9c793125f28e65b74626909f35eda60a77198208f6c4662469474b3237368ba780cc57b2296922f6b54fa66c6de0d93497cda609ac759bb17c9210376ad72172eb85f05956cd8a66cc55c987d3762e242283d742f8224914d4a7c1c9febbbebadac91e04a6415688bc5eb9899c839777ba9a8bae1ab34dcc273e7ed4f509fe0811e659c1624501c6af0e06b4b78b9b0292ddf462287b1130bb7445fa353d5bf2898540a8a6c65503222a26c87594f13999a039187dba9633c817fccfdac67bda46a54fbb9f9c084d58cfef3bb15215272cbf93f9a16ff871a8c9f078012ea3dcf9cd47833a2a2ad60e44eec243596359f71c141c8ef6cfb8b0641b3ba688e5ac724a74691bfbf8bb2a568334abedd437fcaa95cdb02ef1fb2aea87aa01adf9b59ee5a3ee28c87b68c7bef96fed8212a596438d7f130c9c5d1eacdc2cdf47ee66a840a18bfc2a7171a89d8d03fa8d732d434a8256711fbb9512cd1
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(78918);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/11/15");

  script_cve_id("CVE-2014-3409");
  script_bugtraq_id(70715);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuq93406");

  script_name(english:"Cisco IOS Software Ethernet Connectivity Fault Management (CFM) DoS");
  script_summary(english:"Checks the IOS version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Cisco device is affected by a denial of service
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Cisco device is affected by a denial of service
vulnerability due to due to improper parsing of malformed Ethernet
Connectivity Fault Management (CFM) packets. A remote, unauthenticated
attacker, using specially crafted CFM packets, could trigger a denial
of service condition, resulting in a reload of the device.");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=36184
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8080ca42");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant patch referenced in the Cisco Security Notice.

Alternatively, disable Ethernet Connectivity Fault Management (CFM).");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");


  script_dependencies("cisco_ios_version.nasl");
  script_require_keys("Host/Cisco/IOS/Version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");

# Check model
model = get_kb_item("CISCO/model");
if (!model) model = get_kb_item("Host/Cisco/IOS/Model");

flag = 0;
override = 0;
version = get_kb_item_or_exit("Host/Cisco/IOS/Version");

if (!model)
{
  if (version == "15.1(3)S2") flag++;
}
else
{
  # 7600: 12.2(33)SRE onwards
  if (model =~ "^7600($|[^0-9])" && version =~ "^12\.2\(33\)SRE($|\d+[a-z]*$)") flag++;
  # ISR-G2: 15.1(1)T onwards
  else if (model =~ "^ISR-G2($|[^0-9])" && version =~ "^15\.1\(1\)T($|\d+[a-z]*$)") flag++;
  # ME2400: 12.2(25)SE onwards
  else if (model =~ "^ME2400($|[^0-9])" && version =~ "^12\.2\(25\)SE($|\d+[a-z]*$)") flag++;
  # ME3600: 12.2(52)EY onwards
  else if (model =~ "^ME3600($|[^0-9])" && version =~ "^12\.2\(52\)EY($|\d+[a-z]*$)") flag++;
  # Cat4k: 15.0(2)SG onwards
  else if (tolower(model) =~ "^cat4k($|[^0-9])" && version =~ "^15\.0\(2\)SG($|\d+[a-z]*$)") flag++;
  # Cat6k: 12.2(33)SXI2 onwards (note the '2' at the end)
  else if (tolower(model) =~ "^cat6k($|[^0-9])" && version =~ "^12\.2\(33\)SXI([2-9]|[1-9][0-9])($|[^0-9])") flag++;
}

if (get_kb_item("Host/local_checks_enabled") && flag > 0)
{
  flag = 0;
  buf = cisco_command_kb_item("Host/Cisco/Config/show_running-config", "show running-config");
  if (check_cisco_result(buf))
  {
    if (preg(multiline:TRUE, pattern:"ethernet cfm", string:buf)) flag = 1;
  }
  else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
}

if (flag > 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Cisco bug ID      : CSCuq93406' +
      '\n  Installed release : ' + version +
      '\n';
    security_warning(port:0, extra:report + cisco_caveat(override));
  }
  else security_warning(port:0, extra:cisco_caveat(override));
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Related

cvelist 1
prion 1
cve 1
nessus 1
nvd 1
cvelist
cvelist
CVE-2014-3409
2014-10-25 10:00:00
prion
prion
Command injection
2014-10-25 10:55:00
cve
cve
CVE-2014-3409
2014-10-25 10:55:05
nessus
nessus
Cisco IOS XE Software Connectivity Fault Management (CFM) DoS
2014-11-07 00:00:00
nvd
nvd
CVE-2014-3409
2014-10-25 10:55:05

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.009

Percentile

82.5%

JSON
Related for CISCO-SN-CSCUQ93406-IOS.NASL
cvelist1prion1cve1nessus1nvd1