Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO_H323_DOS.NASL
HistoryJan 19, 2004 - 12:00 a.m.

Cisco IOS H.323 Protocol Implementation Flaws

2004-01-1900:00:00
This script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.056

Percentile

93.3%

JSON

According to its version number, the remote host is running a vulnerable version of Cisco IOS. The affected versions have multiple buffer overflow vulnerabilities in the H.323 processing routines.
H.323 is a standard that defines several protocols used for audio/visual applications, including IP telephony.

A remote attacker could use this to cause a denial of service, or potentially execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if(description)
{
 script_id(12023);
 script_version("1.17");

 script_cve_id("CVE-2004-0054");
 script_bugtraq_id(9406);

 script_name(english:"Cisco IOS H.323 Protocol Implementation Flaws");
 script_summary(english:"Uses SNMP to determine if a flaw is present");

 script_set_attribute(
   attribute:"synopsis",
   value:"The remote network device has a buffer overflow vulnerability."
 );
 script_set_attribute( attribute:"description",  value:
"According to its version number, the remote host is running a
vulnerable version of Cisco IOS.  The affected versions have multiple
buffer overflow vulnerabilities in the H.323 processing routines.
H.323 is a standard that defines several protocols used for
audio/visual applications, including IP telephony.

A remote attacker could use this to cause a denial of service, or
potentially execute arbitrary code." );
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040113-h323
 script_set_attribute(
   attribute:"see_also",
   value:"http://www.nessus.org/u?3d2630fc"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to the latest version of IOS, or block all H.323 traffic."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/01/19");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/01/13");
 script_set_attribute(attribute:"patch_publication_date", value: "2004/01/13");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe",value:"cpe:/o:cisco:ios");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"CISCO");

 script_copyright(english:"This script is Copyright (C) 2004-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

 script_dependencies("snmp_sysDesc.nasl",
			 "snmp_cisco_type.nasl");
 script_require_keys("SNMP/community",
			  "SNMP/sysDesc",
			  "CISCO/model");
 exit(0);
}


# The code starts here
ok=0;
os = get_kb_item("SNMP/sysDesc"); if(!os)exit(0);
hardware = get_kb_item("CISCO/model"); if(!hardware)exit(0);




# Check for the required operating system...
#----------------------------------------------------------------
# Is this IOS ?
if(!egrep(pattern:".*(Internetwork Operating|IOS).*", string:os))exit(0);
# 11.3T
if(egrep(string:os, pattern:"(^|\s+)(11\.3\([0-9]*\)|11\.3)T[0-9]*,"))ok=1;

# 12.0
if(egrep(string:os, pattern:"(^|\s+)(12\.0\(([0-9]|[1-1][0-9]|2[0-7])\)|12\.0),"))ok=1;

# 12.0S
if(egrep(string:os, pattern:"(^|\s+)((12\.0\(([0-9]|[1-1][0-9]|2[0-4])\)|12\.0)S[0-9]*|12\.0\(25\)S[0-0]),"))ok=1;

# 12.0ST
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)ST[0-9]*,"))ok=1;

# 12.0T
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)T[0-9]*,"))ok=1;

# 12.0XC
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XC[0-9]*,"))ok=1;

# 12.0XD
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XD[0-9]*,"))ok=1;

# 12.0XG
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XG[0-9]*,"))ok=1;

# 12.0XH
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XH[0-9]*,"))ok=1;

# 12.0XI
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XI[0-9]*,"))ok=1;

# 12.0XJ
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XJ[0-9]*,"))ok=1;

# 12.0XK
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XK[0-9]*,"))ok=1;

# 12.0XL
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XL[0-9]*,"))ok=1;

# 12.0XN
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XN[0-9]*,"))ok=1;

# 12.0XN
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XN[0-9]*,"))ok=1;

# 12.0XQ
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XQ[0-9]*,"))ok=1;

# 12.0XR
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XR[0-9]*,"))ok=1;

# 12.0XT
if(egrep(string:os, pattern:"(^|\s+)(12\.0\([0-9]*\)|12\.0)XT[0-9]*,"))ok=1;

# 12.1
if(egrep(string:os, pattern:"(^|\s+)(12\.1\(([0-9]|[1-1][0-9]|2[0-1])\)|12\.1),"))ok=1;

# 12.1AA
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)AA[0-9]*,"))ok=1;

# 12.1E
if(egrep(string:os, pattern:"(^|\s+)((12\.1\(([0-9]|1[0-9])\)|12\.1)E[0-9]*|12\.1\(20\)E[0-1]),"))ok=1;

# 12.1EC
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)EC[0-9]*,"))ok=1;

# 12.1EZ
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)EZ[0-9]*,"))ok=1;

# 12.1T
if(egrep(string:os, pattern:"(^|\s+)((12\.1\([0-4]\)|12\.1)T[0-9]*|12\.1\(5\)T([0-9]|1[0-6])),"))ok=1;

# 12.1X
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)X[0-9]*,"))ok=1;

# 12.1XA
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XA[0-9]*,"))ok=1;

# 12.1XB
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XB[0-9]*,"))ok=1;

# 12.1XC
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XC[0-9]*,"))ok=1;

# 12.1XD
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XD[0-9]*,"))ok=1;

# 12.1XG
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XG[0-9]*,"))ok=1;

# 12.1XH
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XH[0-9]*,"))ok=1;

# 12.1XI
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XI[0-9]*,"))ok=1;

# 12.1XJ
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XJ[0-9]*,"))ok=1;

# 12.1XL
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XL[0-9]*,"))ok=1;

# 12.1XM
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XM[0-9]*,"))ok=1;

# 12.1XP
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XP[0-9]*,"))ok=1;

# 12.1XQ
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XQ[0-9]*,"))ok=1;

# 12.1XQ
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XQ[0-9]*,"))ok=1;

# 12.1XR
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XR[0-9]*,"))ok=1;

# 12.1XT
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XT[0-9]*,"))ok=1;

# 12.1XU
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XU[0-9]*,"))ok=1;

# 12.1XV
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XV[0-9]*,"))ok=1;

# 12.1XW
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)XW[0-9]*,"))ok=1;

# 12.1YB
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)YB[0-9]*,"))ok=1;

# 12.1YC
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)YC[0-9]*,"))ok=1;

# 12.1YD
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)YD[0-9]*,"))ok=1;

# 12.1YE
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)YE[0-9]*,"))ok=1;

# 12.1YF
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)YF[0-9]*,"))ok=1;

# 12.1YH
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)YH[0-9]*,"))ok=1;

# 12.1YI
if(egrep(string:os, pattern:"(^|\s+)(12\.1\([0-9]*\)|12\.1)YI[0-9]*,"))ok=1;

# 12.2
if(egrep(string:os, pattern:"(^|\s+)(12\.2\(([0-9]|1[0-6])\)|12\.2),"))ok=1;

# 12.2B
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)B[0-9]*,"))ok=1;

# 12.2BW
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)BW[0-9]*,"))ok=1;

# 12.2BX
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)BX[0-9]*,"))ok=1;

# 12.2BZ
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)BZ[0-9]*,"))ok=1;

# 12.2DD
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)DD[0-9]*,"))ok=1;

# 12.2DX
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)DX[0-9]*,"))ok=1;

# 12.2MC
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)MC[0-9]*,"))ok=1;

# 12.2MX
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)MX[0-9]*,"))ok=1;

# 12.2S
if(egrep(string:os, pattern:"(^|\s+)((12\.2\(([0-9]|1[0-7])\)|12\.2)S[0-9]*|12\.2\(18\)S[0-2]),"))ok=1;

# 12.2SX
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)SX[0-9]*,"))ok=1;

# 12.2SY
if(egrep(string:os, pattern:"(^|\s+)((12\.2\(([0-9]|1[0-3])\)|12\.2)SY[0-9]*|12\.2\(14\)SY[0-2]),"))ok=1;

# 12.2T
if(egrep(string:os, pattern:"(^|\s+)((12\.2\(([0-9]|1[0-4])\)|12\.2)T[0-9]*|12\.2\(15\)T[0-4]),"))ok=1;

# 12.2XA
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XA[0-9]*,"))ok=1;

# 12.2XB
if(egrep(string:os, pattern:"(^|\s+)((12\.2\([0-1]\)|12\.2)XB[0-9]*|12\.2\(2\)XB([0-9]|1[0-4])),"))ok=1;

# 12.2XC
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XC[0-9]*,"))ok=1;

# 12.2XD
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XD[0-9]*,"))ok=1;

# 12.2XG
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XG[0-9]*,"))ok=1;

# 12.2XH
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XH[0-9]*,"))ok=1;

# 12.2XI
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XI[0-9]*,"))ok=1;

# 12.2XJ
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XJ[0-9]*,"))ok=1;

# 12.2XK
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XK[0-9]*,"))ok=1;

# 12.2XL
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XL[0-9]*,"))ok=1;

# 12.2XM
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XM[0-9]*,"))ok=1;

# 12.2XM
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XM[0-9]*,"))ok=1;

# 12.2XQ
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XQ[0-9]*,"))ok=1;

# 12.2XS
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XS[0-9]*,"))ok=1;

# 12.2XT
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XT[0-9]*,"))ok=1;

# 12.2XU
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XU[0-9]*,"))ok=1;

# 12.2XW
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)XW[0-9]*,"))ok=1;

# 12.2YA
if(egrep(string:os, pattern:"(^|\s+)((12\.2\([0-3]\)|12\.2)YA[0-9]*|12\.2\(4\)YA[0-6]),"))ok=1;

# 12.2YB
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YB[0-9]*,"))ok=1;

# 12.2YC
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YC[0-9]*,"))ok=1;

# 12.2YD
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YD[0-9]*,"))ok=1;

# 12.2YE
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YE[0-9]*,"))ok=1;

# 12.2YF
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YF[0-9]*,"))ok=1;

# 12.2YH
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YH[0-9]*,"))ok=1;

# 12.2YJ
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YJ[0-9]*,"))ok=1;

# 12.2YK
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YK[0-9]*,"))ok=1;

# 12.2YL
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YL[0-9]*,"))ok=1;

# 12.2YM
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YM[0-9]*,"))ok=1;

# 12.2YN
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YN[0-9]*,"))ok=1;

# 12.2YT
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YT[0-9]*,"))ok=1;

# 12.2YU
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YU[0-9]*,"))ok=1;

# 12.2YV
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YV[0-9]*,"))ok=1;

# 12.2YW
if(egrep(string:os, pattern:"(^|\s+)((12\.2\([0-7]\)|12\.2)YW[0-9]*|12\.2\(8\)YW[0-2]),"))ok=1;

# 12.2YX
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YX[0-9]*,"))ok=1;

# 12.2YY
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YY[0-9]*,"))ok=1;

# 12.2YZ
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)YZ[0-9]*,"))ok=1;

# 12.2ZB
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)ZB[0-9]*,"))ok=1;

# 12.2ZC
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)ZC[0-9]*,"))ok=1;

# 12.2ZD
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)ZD[0-9]*,"))ok=1;

# 12.2ZE
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)ZE[0-9]*,"))ok=1;

# 12.2ZF
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)ZF[0-9]*,"))ok=1;

# 12.2ZG
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)ZG[0-9]*,"))ok=1;

# 12.2ZH
if(egrep(string:os, pattern:"(^|\s+)(12\.2\([0-9]*\)|12\.2)ZH[0-9]*,"))ok=1;

# 12.2ZJ
if(egrep(string:os, pattern:"(^|\s+)((12\.2\(([0-9]|1[0-4])\)|12\.2)ZJ[0-9]*|12\.2\(15\)ZJ[0-2]),"))ok=1;

# 12.2ZL
if(egrep(string:os, pattern:"(^|\s+)((12\.2\(([0-9]|1[0-4])\)|12\.2)ZL[0-9]*|12\.2\(15\)ZL[0-0]),"))ok=1;

# 12.3T
if(egrep(string:os, pattern:"(^|\s+)((12\.3\([0-3]\)|12\.3)T[0-9]*|12\.3\(4\)T[0-0]),"))ok=1;


#----------------------------------------------

if(ok)security_hole(port:161, proto:"udp");

Related

nvd 1
cvelist 1
nessus 2
cve 1
cisco 1
nvd
nvd
CVE-2004-0054
2004-02-17 05:00:00
cvelist
cvelist
CVE-2004-0054
2004-01-15 05:00:00
nessus
nessus
Vulnerabilities in H.323 Message Processing - Cisco Systems
2010-09-01 00:00:00
Debian DSA-448-1 : pwlib - several vulnerabilities
2004-09-29 00:00:00
cve
cve
CVE-2004-0054
2004-02-17 05:00:00
cisco
cisco
Vulnerabilities in H.323 Message Processing
2004-01-13 12:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.056

Percentile

93.3%

JSON
Related for CISCO_H323_DOS.NASL
nvd1cvelist1nessus2cve1cisco1