Cisco IOS XR Software IP Service Level Agreements Two Way Active Measurement Protocol DoS (cisco-sa-ipsla-ZA3SRrpP)

Severity: High (Nessus Plugin ID 153206)

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco IOS XR is affected by a vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features that allows an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvw32825 and CSCvw61840.

See Also

http://www.nessus.org/u?8c47a1c9

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74637

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw32825

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw61840

Plugin Details

Severity: High

ID: 153206

File Name: cisco-sa-ipsla-ZA3SRrpP-iosxr.nasl

Version: 1.7

Type: combined

Family: CISCO

Published: 9/10/2021

Updated: 4/22/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-34720

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xr

Required KB Items: Host/Cisco/IOS-XR/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2021

Vulnerability Publication Date: 9/8/2021

Reference Information

CVE: CVE-2021-34720

CWE: 771

CISCO-SA: cisco-sa-ipsla-ZA3SRrpP

IAVA: 2021-A-0407-S

CISCO-BUG-ID: CSCvw32825, CSCvw61840