Cisco IOS XE Software SD Access Fabric Edge Node DoS (cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG)

#TRUSTED 57bb5ab69f5ea71eeb6827c2616280301b231684a5383fe4ae2e444ca3c51f6a5115f91603553285619792f00bbb5a96c1278aaf562ec31cd53c13688ad1de9c6013748ccf0e3499e6a768f5ff433941cbb2575d006db7a686ddf78e933167baa0b7d42b9701a0b5d050a9ff7a58d0bad71f318558f0c582f25c1365082900f84b9bffee2fda8090bbe1eca6cdc74334babd1cb018095fa3381331d48db1c25edfb1afe9494abedafeb4b2873ba96376c96d651ed11b8afef333fb2eeb465ad52655068cfd36f275e7a09a13dfade4956aaf401178d472493a66a6f9ed0c11c2d69b041fad2b38db36e01623c060397f3fe5e2e9176ed0b2fefdd2b60732656ac6210823be4ec49bd7449e80e0b13705ffcba21914ff024d432fe188f911192e0b1335b718572ad05ee0157339c1fd1a3de89a3837b5a6b19fa6bbac4724d616fd4920dee2c8b920e1936fd0f50957a0d8aaab1200566864ae2d1e506c0005fad2651a5c3404a5d7c58f21be8e3f3a24c1dda63b4882e10b8dd517c0092de29309589d0e49c941b78aac98a5b31762400428efc77abc231cdaf43b831ce6dadbed97630feb26df37bf95d0f92d29e88919b5f666cfd863565dbefcbb4cac83e4a69080d65ba110f649d2b1604f9bd7415dbc86a60ec3cf755ba1fe23334f7568abe49c806ce3da074414d7f738e140b43ce5f49c1303933eb32606e004c58230
#TRUST-RSA-SHA256 0c24fcd3460f59ee16ed38b8e1c932641355b32b478ae14d94693c0b4ec6314b0b34f5fde8fb4f809efa6c99ebfe9f365344018db294ae0ad7d4cebd3e53c7b934189c8d01e0b80ac2a0460d116c8af90491f8d546a65ea6ee37483b637a0ebd0534c8d2c8b093cf7ebe86237f3019f9af0b8101c12b24c5c2c3eab3a57af73521090e23b7a2fb627a1109255cae441897ad9129a257b7a1dd113f4f6da6b82ebbd7139822448a56e99d8a1d7b6a7478baa51c0c26844353253736c6592df385ae36bc00e2464f8c34081d7d78ed9029007142f4a3ffc5acde6fe5f2267b5d246ba8508f03f5d4007834cfdc5ee0d7a81bd9372a05a07e5944f87b73c6095abc4d53eec7aaaf6c227a0b6501eb18ba22c7780e9bb81fa751261f6e3dba5c881182b2dc7fc2584e22bf9b37dccd475be7a6292957da36d286920128dff37438cfc5957db1c788bfdb2667c63b886944f12c80759bf45b00e64c5c9163009f4e5024fa5fc9df8b91f8e6276c33de7a3547c452ce6f933785cd98a9fe2575795e0c8c3b61f53b5b6dae5aa204dcbf73464cc9239db9c2f1aa40a8f31bba26681fa6566a87ac3ba15b351514e823f6decf2ac60477d70e0635dc6f43c6b71157867c8e79bf591a36d1ba9d793df35bdb76832b195650b530d92f42aeefda2d7f8eb40fa9b4c6bbf417302d896063907be137be5dc69264083c00720960a548d25a82
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(192622);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/06");

  script_cve_id("CVE-2024-20314");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwh41093");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG");
  script_xref(name:"IAVA", value:"2024-A-0188");

  script_name(english:"Cisco IOS XE Software SD Access Fabric Edge Node DoS (cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.

  - A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE
    Software could allow an unauthenticated, remote attacker to cause high CPU utilization and stop all
    traffic processing, resulting in a denial of service (DoS) condition on an affected device. This
    vulnerability is due to improper handling of certain IPv4 packets. An attacker could exploit this
    vulnerability by sending certain IPv4 packets to an affected device. A successful exploit could allow the
    attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS
    condition. (CVE-2024-20314)

This vulnerability only affects devices that are configured as SD-Access fabric edge nodes managed by Cisco
Catalyst Center (formerly Cisco DNA Center).

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-qZWuWXWG
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6d31ae91");
  # https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1da659d");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh41093");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwh41093");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20314");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(783);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/27");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version", "Settings/ParanoidReport");

  exit(0);
}

include('ccf.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var extra = 'Nessus was unable to check if device is configured as an SD-Access fabric edge device by Cisco Catalyst Center.';

var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

var version_list=make_list(
  '16.1.1',
  '16.1.2',
  '16.1.3',
  '16.2.1',
  '16.2.2',
  '16.3.1',
  '16.3.1a',
  '16.3.2',
  '16.3.3',
  '16.3.4',
  '16.3.5',
  '16.3.5b',
  '16.3.6',
  '16.3.7',
  '16.3.8',
  '16.3.9',
  '16.3.10',
  '16.3.11',
  '16.4.1',
  '16.4.2',
  '16.4.3',
  '16.5.1',
  '16.5.1a',
  '16.5.1b',
  '16.5.2',
  '16.5.3',
  '16.6.1',
  '16.6.2',
  '16.6.3',
  '16.6.4',
  '16.6.4a',
  '16.6.4s',
  '16.6.5',
  '16.6.5a',
  '16.6.5b',
  '16.6.6',
  '16.6.7',
  '16.6.7a',
  '16.6.8',
  '16.6.9',
  '16.6.10',
  '16.7.1',
  '16.7.1a',
  '16.7.1b',
  '16.7.2',
  '16.7.3',
  '16.7.4',
  '16.8.1',
  '16.8.1a',
  '16.8.1b',
  '16.8.1c',
  '16.8.1d',
  '16.8.1e',
  '16.8.1s',
  '16.8.2',
  '16.8.3',
  '16.9.1',
  '16.9.1a',
  '16.9.1b',
  '16.9.1c',
  '16.9.1d',
  '16.9.1s',
  '16.9.2',
  '16.9.2a',
  '16.9.2s',
  '16.9.3',
  '16.9.3a',
  '16.9.3h',
  '16.9.3s',
  '16.9.4',
  '16.9.4c',
  '16.9.5',
  '16.9.5f',
  '16.9.6',
  '16.9.7',
  '16.9.8',
  '16.9.8a',
  '16.9.8b',
  '16.9.8c',
  '16.10.1',
  '16.10.1a',
  '16.10.1b',
  '16.10.1c',
  '16.10.1d',
  '16.10.1e',
  '16.10.1f',
  '16.10.1g',
  '16.10.1s',
  '16.10.2',
  '16.10.3',
  '16.11.1',
  '16.11.1a',
  '16.11.1b',
  '16.11.1c',
  '16.11.1s',
  '16.11.2',
  '16.12.1',
  '16.12.1a',
  '16.12.1c',
  '16.12.1s',
  '16.12.1t',
  '16.12.1w',
  '16.12.1x',
  '16.12.1y',
  '16.12.1z',
  '16.12.1z1',
  '16.12.1z2',
  '16.12.2',
  '16.12.2a',
  '16.12.2s',
  '16.12.2t',
  '16.12.3',
  '16.12.3a',
  '16.12.3s',
  '16.12.4',
  '16.12.4a',
  '16.12.5',
  '16.12.5a',
  '16.12.5b',
  '16.12.6',
  '16.12.6a',
  '16.12.7',
  '16.12.8',
  '16.12.9',
  '16.12.10',
  '16.12.10a',
  '17.1.1',
  '17.1.1a',
  '17.1.1s',
  '17.1.1t',
  '17.1.2',
  '17.1.3',
  '17.2.1',
  '17.2.1a',
  '17.2.1r',
  '17.2.1v',
  '17.2.2',
  '17.2.3',
  '17.3.1',
  '17.3.1a',
  '17.3.1w',
  '17.3.1x',
  '17.3.1z',
  '17.3.2',
  '17.3.2a',
  '17.3.3',
  '17.3.3a',
  '17.3.4',
  '17.3.4a',
  '17.3.4b',
  '17.3.4c',
  '17.3.5',
  '17.3.5a',
  '17.3.5b',
  '17.3.6',
  '17.3.7',
  '17.4.1',
  '17.4.1a',
  '17.4.1b',
  '17.4.1c',
  '17.4.2',
  '17.4.2a',
  '17.5.1',
  '17.5.1a',
  '17.5.1b',
  '17.5.1c',
  '17.6.1',
  '17.6.1a',
  '17.6.1w',
  '17.6.1x',
  '17.6.1y',
  '17.6.1z',
  '17.6.1z1',
  '17.6.2',
  '17.6.3',
  '17.6.3a',
  '17.6.4',
  '17.6.5',
  '17.6.5a',
  '17.7.1',
  '17.7.1a',
  '17.7.1b',
  '17.7.2',
  '17.8.1',
  '17.8.1a',
  '17.9.1',
  '17.9.1a',
  '17.9.1w',
  '17.9.1x',
  '17.9.1x1',
  '17.9.1y',
  '17.9.1y1',
  '17.9.2',
  '17.9.2a',
  '17.9.3',
  '17.9.3a',
  '17.9.4',
  '17.9.4a',
  '17.10.1',
  '17.10.1a',
  '17.10.1b',
  '17.11.1',
  '17.11.1a',
  '17.11.99SW',
  '17.12.1',
  '17.12.1a',
  '17.12.1w'
);

var reporting = make_array(
  'port'          , product_info['port'],
  'severity'      , SECURITY_HOLE,
  'version'       , product_info['version'],
  'bug_id'        , 'CSCwh41093',
  'disable_caveat', TRUE,
  'extra'         , extra
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_versions:version_list
);