CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
52.2%
According to its self-reported version, the version of Cisco IOS XE running on the remote host is affected by a denial of service vulnerability in the DHCPv6 server implementation due to improper handling of DHCPv6 packets for SOLICIT messages for Identity Association for Non-Temporary Addresses (IA-NA) traffic. An unauthenticated, adjacent attacker can exploit this issue to cause the device to crash, resulting in a denial of service condition.
#TRUSTED 05e18b4a602a1c3a4e00efc30bb28e7f90a87998287736a15327a3a0fa801a4ded6bab8110b12e40dac22030122b203824a85f7de8427be4539dee01ae64b48d4a26d766984ad07f2169661527272c922eff9441563b93e9d264a7f531bc270655cf145205d043eb55519a1743ef95f0d9ac0b1caa2bd801a712f4d19f79806cd05bb49aaddf5459f609a8738ecf95a30ee8140ceab38feef10e7a38dfdd61a1fd45e740465955bbee22f549b1dbc679e68f487f5f8360142763e8491d61e4d0914835e07f5ff9edd6a4733916bac861c07b1e2a627f14ee6a84f44f42af98df4a946fe73471f6bae322e29cfc9ff96e8e1504f57d6cecce1c84b9ffee97688bf07e03c732fea6dfbcf7919a1a31b45f5a004d8c26453b19869b24d18b2073f7ed2348658ee5720e5eadd99e3cebb0e3c5443f93012786888569b9d1bc5e142b73d5b9635347b07a456d7244c674e3f57563aab4d6469a4cd8a40fa720cb2f591cf26dba23dc6755644db9e09e793ae37770a4b515bc02f1dd3da60c6eb2e0fdac2f336e60885fbba3a14a11d3b07032a5ae910f52073e145266e587662cdd7ce4351baf7ad35c8bfa2a5a38560e2d678dc8b5b4a2689d56494a11163cf9ddd1e281492da2cf29b34fa26a10c81b8ac6f7bb40822a01e3f15f90d8774abd624a07ab335617ee237045cf32391c15904aa6aa955a669c0cf7ae47c763418ad3bc
#TRUST-RSA-SHA256 40b825bc7ef72fad0f2c639fdfd548e5890862f6be51618e9e44fcb02df73ab6584562b785571e118f04c6dd8f2c13b01620f273c6c27125c9d004c593e819f84120feeb03d237256f51a5a68002f710e31029c474850f886e7de490808464d69831beed273e91426f9831a4bf2affa60bebc37720286272b940b5bc6d570353ccf9517051a9783bd480f8b43b3a5aa5171c4b956ed4829c5afd32e1d3e69b21879011377bc82b1391854587822db073c7edc64861e68349ca8ecbc72753b71735bb314b92e36beb07e9199f60be3da751b27545d678c760d7b795d2de36a82c8b08d8c5a09bf2400fb506415e80b7e077facbf537231e355500c269c05c0f2c9ca5fe7a1f97123fbbb3539fa5591dc2ff65556c79a8b684cd76d919a2504b4908388856b9152d7f01726696459bc2d52147b3acf2bef1d2534da4eb7089919d760be731f2808809b187c0cd6ea2b5b51d708870b30ca65f4632527971737ec158bcea9e667f2ea2a8f016a96231555c234f889f7352db22b0d457ba138e3ececcb164c885491cee907bc012945d289255650787b478e900e12e19f3ccf5a666f90c31d1485af41233483d0083f20cf132251e556587d41b4bcd2cd49c6baf6ff1ebd7fc374c2774a440d980225807ac1dec1088179f12ac89d811ab0f81d1e9e741360d981bc8d125b6709a020d4d717af63520c8b15aefb2e351805a038987
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(83734);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2015-0708");
script_bugtraq_id(74382);
script_xref(name:"CISCO-BUG-ID", value:"CSCur29956");
script_name(english:"Cisco IOS XE DHCPv6 Server DoS");
script_summary(english:"Checks the IOS XE version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the version of Cisco IOS XE
running on the remote host is affected by a denial of service
vulnerability in the DHCPv6 server implementation due to improper
handling of DHCPv6 packets for SOLICIT messages for Identity
Association for Non-Temporary Addresses (IA-NA) traffic. An
unauthenticated, adjacent attacker can exploit this issue to cause the
device to crash, resulting in a denial of service condition.");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=38543");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCur29956.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/28");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2015-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
ver = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version");
app = "Cisco IOS XE";
cbi = "CSCur29956";
if (
ver == "3.13.0S" ||
ver == "3.13.1S" ||
ver == "3.14.0S"
)
fixed_ver = "See solution.";
else
audit(AUDIT_INST_VER_NOT_VULN, app, ver);
# DHCPv6 check
override = FALSE;
if (get_kb_item("Host/local_checks_enabled"))
{
flag = FALSE;
buf = cisco_command_kb_item("Host/Cisco/Config/show_ipv6_dhcp_binding", "show ipv6 dhcp binding");
if (check_cisco_result(buf))
{
# Output is "" if no DHCPv6 server
if (preg(multiline:TRUE, pattern:"^Client: ", string:buf)) flag = TRUE;
}
else if (cisco_needs_enable(buf)) override = TRUE;
if (!flag && !override) audit(AUDIT_HOST_NOT, "affected because DHCPv6 server is not enabled");
}
if (report_verbosity > 0)
{
report +=
'\n Cisco bug ID : ' + cbi +
'\n Installed release : ' + ver +
'\n Fixed release : ' + fixed_ver +
'\n';
security_warning(port:0, extra:report+cisco_caveat(override));
}
else security_warning(port:0, extra:cisco_caveat(override));