Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote security appliance is missing a vendor-supplied patch.

Description :

According to its self-reported version, the version of the Cisco
Intrusion Prevention System software running on the remote is affected
by the following denial of service vulnerabilities :

- The Analysis Engine can become unresponsive due to
improper handling of fragmented packets processed
through the device. The device is only affected when
the 'produce-verbose-alert' action is enabled.
(CVE-2014-0718)

- The MainApp can become unresponsive due to improper
handling of malformed TCP packets sent to the
management interface. Other critical tasks such as
alert notification, event store management, sensor
authentication, and the Analysis Engine can become
unresponsive as well. (CVE-2014-0719)

- The Analysis Engine can become unresponsive due to
improper handling of jumbo frames sent at a high rate.
(CVE-2014-0720)

An unauthenticated, remote attacker can exploit these issues to cause
a denial of service.

See also :

http://www.nessus.org/u?14f261a3

Solution :

Apply the relevant update referenced in Cisco Security Advisory
cisco-sa-20140219-ips.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 72705 ()

Bugtraq ID: 65665
65667
65669

CVE ID: CVE-2014-0718
CVE-2014-0719
CVE-2014-0720