CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
65.0%
According to its self-reported version, the Cisco NX-OS Software is affected by a vulnerability in the authentication, authorization, and accounting (AAA) implementation of NX-OS System Software that could allow an unauthenticated, remote attacker to cause an affected device to reload.
#TRUSTED 3a2aad652e518a2aea7bda82a5fa51864216acf09f51d1d14debc6e6833a6237759b979758201c5d8457c5944790a15092cf6737d832b098705f9f19e82df523009abaf2234294f81b5b38fddb5895aade6986ee3eb29dfdeed4bd87058c24fef9125c49ebb95f50f8d715c608de802b0b987fd725367ced3b520d7b4e307304cfe844fc9046a38ee431f3e08f562a839d9949a03847029ee8dc92b1eb7bcaebf8adeeaa831d8766279d8cef533b218ceac4e5b01005a986ed75769c551422c0e84b13f9c2e445d2f22419aa79347530ce1f26d0d9f54984bd602a3817fb88cbf5598ecc99daea910c06702ebfab81b92a1d9d44f6a79a3bc002b7ddb052f310e0acd2d7a57b3487701119639205717cf9cf3857ad648da4cb8ed1417ad8c543a54899a82c6362085a3d60a9b374647dca16c073d39147b229cdb71a2c75376e497e79dff64c7defbcffa4bd660555f0f5dbb35c8258d63466679ec92b5c33912b072510af4cac747ab9e89a80dce435ffb70dc380a16edec10bffd60d895264a5c689f59b67398fb40454e5c365257bc2e7d5fc7715b63954cb2f9f3739dc4f674ea16ce15118ea3021c48a3ef1b583467fa6c4ad4265e787d166586c3137562c35fa48cc5f4b174f70b551f1c68fc65dfdb6b5817309b3b49e87002f5a3e4f9129e880a0145de42c011c88223bf00cd4ca3be920ae633e8c1d916ea0b7ce17
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(104177);
script_version("1.17");
script_cvs_date("Date: 2019/11/12");
script_cve_id("CVE-2017-3883");
script_bugtraq_id(101493);
script_xref(name:"CISCO-BUG-ID", value:"CSCuq58760");
script_xref(name:"CISCO-BUG-ID", value:"CSCuq71257");
script_xref(name:"CISCO-BUG-ID", value:"CSCur97432");
script_xref(name:"CISCO-BUG-ID", value:"CSCus05214");
script_xref(name:"CISCO-BUG-ID", value:"CSCux54898");
script_xref(name:"CISCO-BUG-ID", value:"CSCvb93995");
script_xref(name:"CISCO-BUG-ID", value:"CSCvc33141");
script_xref(name:"CISCO-BUG-ID", value:"CSCvd36971");
script_xref(name:"CISCO-BUG-ID", value:"CSCve03660");
script_xref(name:"CISCO-BUG-ID", value:"CSCvf64888");
script_xref(name:"CISCO-BUG-ID", value:"CSCvg41173");
script_xref(name:"CISCO-SA", value:"cisco-sa-20171018-aaavty");
script_name(english:"Cisco NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability Vulnerability");
script_summary(english:"Checks the Cisco NX-OS Software version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco NX-OS Software is
affected by a vulnerability in the authentication, authorization,
and accounting (AAA) implementation of NX-OS System Software that
could allow an unauthenticated, remote attacker to cause an affected
device to reload.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b71cc502");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco Security
Advisory cisco-sa-20171018-aaavty or use the referenced vendor
workaround.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3883");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2017/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/26");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_nxos_version.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
device = get_kb_item_or_exit("Host/Cisco/NX-OS/Device");
model = get_kb_item_or_exit("Host/Cisco/NX-OS/Model");
version = get_kb_item_or_exit("Host/Cisco/NX-OS/Version");
# not affected if not MDS or Nexus
if ('MDS' >!< device && 'Nexus' >!< device && 'UCS' >!< device)
audit(AUDIT_HOST_NOT, "an affected device and/or model");
# Nexus models affected 1000V, 1100, 2000, 3000, 3500, 5000, 6000, 7000, 7700, 9000, 9500 R (handled below)
# Also affected:
# Nexus 9500 R-Series Line Cards and Fabric Modules
# Unified Computing System (UCS) 6100 Series Fabric Interconnects
# UCS 6200 Series Fabric Interconnects
# UCS 6300 Series Fabric Interconnects
# We do not have UCS Fabric devices, nor do we
# know the banner. For now we are only checking them if
# we are in paranoid mode.
# the paranoid series checks are 1000, 2000, 2000, 5000, 6000, 7000, 9000/9500
# non-paranoid series checks are 1000, 2000, 3000, 5000, 6000, 7000
if (report_paranoia >= 2)
{
if (('Nexus' >< device &&
model !~ "^[1235679][0-9][0-9][0-9]([^0-9]|$)$" &&
model !~ "^95[0-9][0-9]([^0-9]( R)?)[^0-9]|$") &&
('UCS' >< device && model !~ "^(61|62|63)[0-9][0-9]([^0-9]|$)$") &&
('MDS' >!< device))
{
audit(AUDIT_HOST_NOT, "an affected device and/or model");
}
}
else
{
if (('Nexus' >< device &&
model !~ "^[123567][0-9][0-9][0-9]([^0-9]|$)$") &&
('MDS' >!< device))
{
audit(AUDIT_HOST_NOT, "an affected device and/or model");
}
}
flag = FALSE;
fix = NULL;
override = FALSE;
# Cisco Nexus 1000V Switch
if ('Nexus' >< device)
{
if (model =~ '^1000V' || model =~ "^11[0-9][0-9]")
{
if(version =~ "^([0-3]\.[0-9]|4\.[0-2]|5\.2)")
fix = "See advisory";
}
# Cisco Nexus 3000
else if (model =~ "^3[0-9][0-9][0-9]([^0-9]|$)" && model !~ "^35[0-9][0-9]([^0-9]|$)")
{
if(version =~ "^([0-5]\.[0-9]|6\.0)")
fix = "6.0(3)I6(1)";
else if(version =~ "^7\.0")
fix = "6.0(3)I6(1)";
}
# Cisco Nexus 3500
else if (model =~ "^35[0-9][0-9]([^0-9]|$)")
{
if(version =~ "^([0-5]\.[0-9]|6\.0)")
fix = "6.0(2)A8(8)";
}
# Cisco Nexus 2000, 5500, 5600, 6000
else if (model =~ "^5[56][0-9][0-9]([^0-9]|$)" || model =~ "^2[0-9][0-9][0-9]([^0-9]|$)"
|| model =~ "^6[0-9][0-9][0-9]([^0-9]|$)")
{
if(version =~ "^([0-4]\.[0-9]|5\.[0-2]|[67]\.0|7\.[1-3])")
fix = "7.3(3)N1(1)";
}
# Cisco Nexus 5000
else if (model =~ "^5[0-9][0-9][0-9]([^0-9]|$)")
{
if(version =~ "^([0-4]\.[0-9]|5\.[0-2])")
fix = "See advisory";
}
# Cisco Nexus 7000, 7700
else if (model =~ "^7[0-9][0-9][0-9]([^0-9]|$)")
{
if(version =~ "^([0-4]\.[0-9]|5\.[0-2]|6\.[0-2])")
fix = "6.2(20)";
else if(version =~ "^7\.2")
fix = "7.2(3)D1(1)";
else if(version =~ "^7\.3")
fix = "7.3(2)D1(2)";
else if(version =~ "^8\.0")
fix = "8.0(2)";
else if(version =~ "^8\.1")
fix = "8.1(2)";
else if(version =~ "^8\.2")
fix = "8.2(2)";
}
else if (report_paranoia >= 2)
# Paranoid checks
# Cisco Nexus 9500 R Series
if (model =~ "^95[0-9][0-9]\s?R$")
{
if(version =~ "^7\.0")
fix = "7.0(3)F3(1)";
}
# Cisco Nexus 9000
else if (model =~ "^9[0-9][0-9][0-9]([^0-9]|$)" && model !~ "^95[0-9][0-9]\s?R$")
{
if(version =~ "^6\.1|7\.0")
fix = "7.0(3)I6(1)";
}
}
# Cisco MDS
else if ('MDS' >< device)
{
# 5.2 and 6.2
if(version =~ "^[56]\.2")
fix = "6.2(23)";
# 6.3 and 7.3
else if(version =~ "^[67]\.3")
fix = "7.3(1)DY(1)";
}
# Paranoid checks for UCS
else if (report_paranoia >= 2)
{
if('UCS' >< device)
{
if(version =~ "^([0-2]\.[0-9]|2\.[0-2])")
fix = "2.2(6c)";
else if(version =~ "^3\.0|3\.1")
fix = "3.1(2b)";
}
}
if (!isnull(fix) && (fix == "See advisory" || cisco_gen_ver_compare(a:version, b:fix) < 0))
{
flag = TRUE;
}
if (get_kb_item("Host/local_checks_enabled"))
{
if(flag)
{
flag = FALSE;
buf = cisco_command_kb_item("Host/Cisco/Config/show running-config | include aaa", "show running-config | include aaa");
if (check_cisco_result(buf))
{
if ("aaa" >< buf)
{
flag = TRUE;
}
}
else if (cisco_needs_enable(buf)) override = TRUE;
if (!flag && !override) audit(AUDIT_HOST_NOT, "affected because AAA is not configured");
}
}
if (flag || override)
{
security_report_cisco(
port : 0,
severity : SECURITY_WARNING,
override : override,
version : version,
fix : fix,
bug_id : "CSCve03660/CSCvc33141/CSCus05214/CSCus05214/CSCuq71257CSCuq58760/CSCur97432"
);
}
else audit(AUDIT_HOST_NOT, "affected");
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
65.0%