CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
74.5%
The remote Cisco device is affected by a denial of service vulnerability due to improper parsing of certain options in OSPF link-state advertisement (LSA) type 11 packets. A remote, unauthenticated attacker, using specially crafted OSPF packets with unusual options can cause a device reload, resulting in a denial of service.
#TRUSTED 55a0138d513156ca2ea9636ffabf34d670467966aca66e7937e4545699fc41f115e4192febfa65fa19b8b3c55c3607b106f06132525f34d2fc3f3c47d24a256a8d0fe8b9eb2e3f3f2ee8006a2151bb8e63674002e72b2ef60e9225a70f1fb0c3dbcc1c2ed7abda5769a98b009c01867f84c314f36caef6ecb1a8279bedf9b00266e689df80b400f22d99f8285b23d38ea4a912bcd7cd4218cd1c207d6121f8334cb8b13fa2298938a03d6ef3c4dedde153d424b7fafa083e609acfc4d30ebd52647304b75651546e5c5a14b0af8c05ddcc2daa17aadda2bc662c92b974c83a6a692e6fa9ebd824e39956b850538a79fee8144aad1ddcb9154913a027c1ee9418f96195f11f4ef234c1e5699438e97c2be1f673744796bc4284e862154b4ef851c0c54d2c9c10c3039fae0a00873044314beafb0e2a3c2db5df1d57d0f4540f48087598fee97a49d147041bcd06fafc14aabdd2753d530a467e73ac5a8967390bb53846aa9b5a235d593a74b52f95402b1358e468f832c5d7986cbf89c4fa131c72cef2c9e6591a55c824647d06b51f6f78cda8e85d6efd02c6c3fce840a7b3fca7664c68bc1f67be8b15f8ec3317c08f2b765a25ade88a095faeb3fe65615a083178600c07c7867cfa2bb0e9c327ff19eed9fe8b2eba5b2ae578bef8528de7a762ba2aaa92b96546ec69a72330fb916f22617a990faf6e648a843280d85c369a
#TRUST-RSA-SHA256 0a19f2d5760725ee73600ac6180bb0faf0ea011368b30cb3de8f1c9e7fa900058687d89d00a4867a6bc2b870a189e0979a470e76deabd5a02e8ae73a584c4ee5034f07e39a658d9b0749fab3fc90caf3b462bb5fae01a9fcb8966de8f0f8045add63c7ba54f9f332975b5291fe2697a5041030e921d28db1d3a7f1fee941bf8ef10b9291ed11e5ede27510b78ea522e959a3845a77063fdca9ae369e1e7a12cea0b712815d4ebdf046472704cc77a804ceefa7960961ccca1dae4c6d25ec4a1f167c9d2ba4fdfe974b8ae146a340e1b9e1e44bc45a27c90477714c8ada48eacb83f1ef33b052e933a76004b2d1c85b74e6e07c7728d550b726d4d3f314a654dec89d28bafb9db5f378b4a650a6e704ad3abe0507ec85a61980f75e4d77723b201af92affd554f4e1dfb237813f8be56bda731806315ac0b433e403cb66e38e459901a9e2811e94df5969f54e19b0a5a924e77237980588bc7b710becd10d449c8de2c2b636d3870424f3b77d415bd3d52d34f7d935062ec74caa8c2d5eebea1ba13caac107063e9b1669bb25aeb79790c4f902a73e7396b467e6ced1d820a2869f65346238d4a1012a7565d9497ef44aac5e7fdeaa7c9e716121d01c573ebd3b384add962037f79ac89c61d541194d0807d0bb3fa3e3c5e18589b492c4bac8b58245c6346e558edd1bfbaf0bd4b6076a16c8dc0efb3ffb586092c5a7a4aaa220
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(78825);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2013-5527");
script_bugtraq_id(62904);
script_xref(name:"CISCO-BUG-ID", value:"CSCui21030");
script_name(english:"Cisco IOS XE OSPF Opaque LSA DoS (CSCui21030)");
script_summary(english:"Checks the IOS XE version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by a denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Cisco device is affected by a denial of service
vulnerability due to improper parsing of certain options in OSPF
link-state advertisement (LSA) type 11 packets. A remote,
unauthenticated attacker, using specially crafted OSPF packets with
unusual options can cause a device reload, resulting in a denial of
service.");
# https://tools.cisco.com/security/center/viewAlert.x?alertId=31201
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a23d9c5");
script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/security/center/viewAlert.x?alertId=31201");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCui21030.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/10");
script_set_attribute(attribute:"patch_publication_date", value:"2014/10/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/03");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2014-2024 Tenable Network Security, Inc.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
# According to the bug ID, the following version are affected :
# 3.3.0S, 3.3.1S, 3.3.2S, 3.9.0S, 3.9.1S
version = get_kb_item_or_exit("Host/Cisco/IOS-XE/Version");
flag = 0;
if (
version =~ "3\.3\.[0-2]S" ||
version =~ "3\.9\.[0-1]S"
) flag++;
if (get_kb_item("Host/local_checks_enabled") && flag)
{
flag = 0;
buf = cisco_command_kb_item("Host/Cisco/Config/show_ip_osfp", "show ip osfp");
if (check_cisco_result(buf))
{
if ('Routing Process "ospf' >< buf) flag = 1;
}
else if (cisco_needs_enable(buf))
{
flag = 1;
override = 1;
}
}
if(flag)
{
if (report_verbosity > 0)
{
report =
'\n Cisco bug ID : CSCui21030' +
'\n Installed release : ' + version +
'\n';
security_warning(port:0, extra:report + cisco_caveat(override));
}
else security_warning(port:0, extra:cisco_caveat(override));
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");