Cisco IOS Software Multiple Network Address Translation (NAT) Denial of Service Vulnerabilities (cisco-sa-20140326-nat)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version, the version of Cisco IOS
running on the remote host is affected by multiple denial of service
vulnerabilities in the Network Address Translation (NAT)
implementation :

- An issue exists in the TCP Input module due to the
improper handling of certain sequences of TCP packets.
An unauthenticated, remote attacker could potentially
exploit this issue by sending a specific sequence of
IPv4 TCP packets, resulting in a denial of service.
(CVE-2014-2109)

- An issue exists in the Application Layer Gateway (ALG)
module due to the improper handling of malformed DNS
packets during the NAT procedure. An unauthenticated,
remote attacker could potentially exploit this issue by
sending malformed IPv4 DNS packets, resulting in a denial
of service. (CVE-2014-2111)

Note that IPv6 packets cannot be used to exploit these issues.

See also :

http://www.nessus.org/u?bde264a3
http://tools.cisco.com/security/center/viewAlert.x?alertId=33347
http://tools.cisco.com/security/center/viewAlert.x?alertId=33349

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20140326-nat.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 73345

Bugtraq ID: 66470

CVE ID: CVE-2014-2109, CVE-2014-2111