Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone Networks GmbHOPENVAS:1361412562310105712
HistoryMay 12, 2016 - 12:00 a.m.

Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability (Cisco-SA-20140611-CVE-2014-3295)

2016-05-1200:00:00
Copyright (C) 2016 Greenbone Networks GmbH
plugins.openvas.org
15

CVSS2

4.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

78.3%

JSON

A vulnerability in Hot Standby Router Protocol (HSRP)
authentication in the Cisco Nexus series could allow an unauthenticated, adjacent attacker to
affect the state of HSRP group members and cause black holing of traffic.

# Copyright (C) 2016 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/o:cisco:nx-os";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105712");
  script_version("2022-12-26T10:12:01+0000");
  script_tag(name:"last_modification", value:"2022-12-26 10:12:01 +0000 (Mon, 26 Dec 2022)");
  script_tag(name:"creation_date", value:"2016-05-12 16:36:13 +0200 (Thu, 12 May 2016)");
  script_tag(name:"cvss_base", value:"4.8");
  script_tag(name:"cvss_base_vector", value:"AV:A/AC:L/Au:N/C:N/I:P/A:P");

  script_cve_id("CVE-2014-3295");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability (Cisco-SA-20140611-CVE-2014-3295)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
  script_family("CISCO");
  script_dependencies("gb_cisco_nx_os_consolidation.nasl");
  script_mandatory_keys("cisco/nx_os/detected", "cisco/nx_os/device", "cisco/nx_os/model");

  script_tag(name:"summary", value:"A vulnerability in Hot Standby Router Protocol (HSRP)
  authentication in the Cisco Nexus series could allow an unauthenticated, adjacent attacker to
  affect the state of HSRP group members and cause black holing of traffic.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The vulnerability is due to incorrect parsing of malformed HSRP
  packets. An attacker could exploit this vulnerability by sending malformed HSRP packets to bypass
  HSRP authentication.");

  script_tag(name:"impact", value:"An exploit could allow the attacker to bypass HSRP
  authentication and affect the state of active HSRP group members, causing them to go to SPEAK
  state, which leads to black holing of traffic and causes a denial of service (DoS) condition.");

  script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");

  script_xref(name:"URL", value:"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140611-CVE-2014-3295");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! device = get_kb_item( "cisco/nx_os/device" ) )
  exit( 0 );

if( "Nexus" >!< device )
  exit( 0 );

if ( ! nx_model = get_kb_item( "cisco/nx_os/model" ) )
  exit( 0 );

if( ! version = get_app_version( cpe:CPE, nofork:TRUE ) )
  exit( 0 );

if( nx_model =~ "^C?7[0-9]+" ) {
  affected = make_list(
    "4.1.(2)",
    "4.1.(3)",
    "4.1.(4)",
    "4.1.(5)",
    "4.2(3)",
    "4.2(4)",
    "4.2(6)",
    "4.2(8)",
    "4.2.(2a)",
    "5.0(2a)",
    "5.0(3)",
    "5.0(5)",
    "5.1(1)",
    "5.1(1a)",
    "5.1(3)",
    "5.1(4)",
    "5.1(5)",
    "5.1(6)",
    "5.2(1)",
    "5.2(3a)",
    "5.2(4)",
    "5.2(5)",
    "5.2(7)",
    "5.2(9)",
    "6.0(1)",
    "6.0(2)",
    "6.0(3)",
    "6.0(4)",
    "6.1(1)",
    "6.1(2)",
    "6.1(3)",
    "6.1(4)",
    "6.1(4a)",
    "6.2(2)",
    "6.2(2a)"
  );
}

foreach af ( affected ) {
  if( version == af ) {
    report = report_fixed_ver( installed_version:version, fixed_version: "See advisory" );
    security_message( port:0, data:report );
    exit( 0 );
  }
}

exit( 99 );

Related

prion 1
nessus 1
cvelist 1
cve 1
cisco 1
nvd 1
prion
prion
Authentication flaw
2014-06-14 04:26:00
nessus
nessus
Cisco NX-OS HSRP DoS (CSCup11309)
2015-05-30 00:00:00
cvelist
cvelist
CVE-2014-3295
2014-06-14 01:00:00
cve
cve
CVE-2014-3295
2014-06-14 04:26:47
cisco
cisco
Cisco NX-OS Software HSRP Authentication Denial of Service Vulnerability
2014-06-11 18:29:23
nvd
nvd
CVE-2014-3295
2014-06-14 04:26:47

CVSS2

4.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

78.3%

JSON
Related for OPENVAS:1361412562310105712
prion1nessus1cvelist1cve1cisco1nvd1