Multiple Vulnerabilities in Cisco Intrusion Prevention System Software (cisco-sa-20140219-ips)

high Nessus Plugin ID 72705

Synopsis

The remote security appliance is missing a vendor-supplied patch.

Description

According to its self-reported version, the version of the Cisco Intrusion Prevention System software running on the remote is affected by the following denial of service vulnerabilities :

- The Analysis Engine can become unresponsive due to improper handling of fragmented packets processed through the device. The device is only affected when the 'produce-verbose-alert' action is enabled.
(CVE-2014-0718)

- The MainApp can become unresponsive due to improper handling of malformed TCP packets sent to the management interface. Other critical tasks such as alert notification, event store management, sensor authentication, and the Analysis Engine can become unresponsive as well. (CVE-2014-0719)

- The Analysis Engine can become unresponsive due to improper handling of jumbo frames sent at a high rate.
(CVE-2014-0720)

An unauthenticated, remote attacker can exploit these issues to cause a denial of service.

Solution

Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20140219-ips.

See Also

http://www.nessus.org/u?a789b5da

Plugin Details

Severity: High

ID: 72705

File Name: cisco-sa-20140219-ips.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 2/26/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:cisco:intrusion_prevention_system

Required KB Items: Host/Cisco/IPS/Version, Host/Cisco/IPS/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 10/9/2013

Vulnerability Publication Date: 2/19/2014

Reference Information

CVE: CVE-2014-0718, CVE-2014-0719, CVE-2014-0720

BID: 65665, 65667, 65669

CISCO-SA: cisco-sa-20140219-ips

IAVA: 2014-A-0032

CISCO-BUG-ID: CSCuh94944, CSCui67394, CSCui91266