Lucene search

HistorySep 17, 2019 - 12:00 a.m.

Cisco NX-OS Precision Time Protocol (PTP) Denial of Service Vulnerability

2019-09-1700:00:00

www.tenable.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.3%

JSON

According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability which exists in its Precision Time Protocol (PTP) implementation due to a lack of protection against PTP frame flood attacks. An unauthenticated, remote attacker can exploit this issue, by sending large streams of malicious PTP traffic to the device, to cause the system to stop responding.

Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

#TRUSTED 99494169e0753e1b7c10bb8a1bac6863f87250fada05ea229d94079a196b5ffab9daf9530f677317b51a6d55876b980d3f1d2b17546a4264e75d927c463e89a37d9a97012e42b3421e9cf7bd3e79d39533b4fdcecf4927f259563d90b9051ec9ecc72ccc0e137190caca261a72bb561290cbb502d4656cef42400c56643f11a84c41887f7931e3da214d47f5f6e30eeaffdfe3dea6e72814b4d8099614dcb05ad9eff8a8ca819c4804589a10a0a7b7aa57164a9c664bcbc6fbed98fadf3d8c9a5b1c56e562f962d69e3c69f6184514d5829c9874d8ec0c2a41782322f93777901fd3356bbfc752876f0197e1339cf58de9dd4c52f012da1cf03c5f3affc37dce28e4ccadc714858882ef495e791b15f8248962c765277bfb7e52afbdc8696d096e01544b5a0cd798831873ccb61b670f07836ff57ef50eed1171ae9f61e3e4eb3ef5ca4d9e69dfa4edcd778e6ac860f55c26eaba4a2f0934376e2dc15f1291ab28daea8f53b8c5436eeaffa8e445bd47209b51ef088faa48d67df3be1e12f306918d3304f4b991f28abd868a610f54af2e233755ac987ee7d9cd2af50f8bbbd33f308cbb78ebcf41bcc4c90a2dd81eed30ccf1e7a7194a8e5700faf3c5496949c51de2e73180a00f9d55e0e3918f0e5aeafcc56402973919efb3f4c0f87b4618336e5d135531a833a50765c9cff14527c590aecdce66b1a0dbcdad6ead73e594
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(128877);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/27");

  script_cve_id("CVE-2018-0378");
  script_bugtraq_id(105669);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvg21830");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20181017-nexus-ptp-dos");

  script_name(english:"Cisco NX-OS Precision Time Protocol (PTP) Denial of Service Vulnerability");
  script_summary(english:"Checks the Cisco NX-OS Software version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Cisco device is affected by a denial of service vulnerability");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco NX-OS Software is affected
by a denial of service (DoS) vulnerability which exists in its Precision Time Protocol (PTP) implementation due to a 
lack of protection against PTP frame flood attacks. An unauthenticated, remote attacker can exploit this issue, by 
sending large streams of malicious PTP traffic to the device, to cause the system to stop responding. 

Please see the included Cisco BIDs and the Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e46fc38e");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg21830");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvg21830.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0378");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_nxos_version.nasl");
  script_require_keys("Host/Cisco/NX-OS/Device", "Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

device = get_kb_item_or_exit('Host/Cisco/NX-OS/Device');
model = get_kb_item_or_exit('Host/Cisco/NX-OS/Model');
version = get_kb_item_or_exit('Host/Cisco/NX-OS/Version');

if ('Nexus' >!< device || model !~ '^5[56][0-9]{2}|6[0-9]{3}')
  audit(AUDIT_HOST_NOT, 'an affected device and/or model');

product_info = cisco::get_product_info(name:'Cisco NX-OS Software');

version_list = make_list(
  '6.0(2)N1(2)',
  '6.0(2)N1(2a)',
  '6.0(2)N2(1)',
  '6.0(2)N2(1b)',
  '6.0(2)N2(2)',
  '6.0(2)N2(3)',
  '6.0(2)N2(4)',
  '6.0(2)N2(5)',
  '7.0(0)N1(1)',
  '7.0(1)N1(1)',
  '7.0(2)N1(1)',
  '7.0(3)N1(1)',
  '7.0(6)N1(1)',
  '7.1(1)N1(1)',
  '6.0(2)N2(5a)',
  '6.0(2)N2(6)',
  '6.0(2)N2(7)',
  '7.0(4)N1(1)',
  '7.0(5)N1(1)',
  '7.0(5)N1(1a)',
  '7.0(7)N1(1)',
  '7.1(0)N1(1a)',
  '7.1(0)N1(1b)',
  '7.1(2)N1(1)',
  '7.1(3)N1(1)',
  '7.2(0)N1(1)',
  '7.2(1)N1(1)',
  '4.2(1)N1(1)',
  '4.2(1)N2(1)',
  '4.2(1)N2(1a)',
  '5.0(2)N1(1)',
  '5.0(2)N2(1)',
  '5.0(2)N2(1a)',
  '5.0(3)N1(1)',
  '5.0(3)N1(1a)',
  '5.0(3)N1(1b)',
  '5.0(3)N1(1c)',
  '5.0(3)N2(1)',
  '5.0(3)N2(2)',
  '5.0(3)N2(2a)',
  '5.0(3)N2(2b)',
  '5.1(3)N1(1)',
  '5.1(3)N1(1a)',
  '5.1(3)N2(1)',
  '5.1(3)N2(1a)',
  '5.1(3)N2(1b)',
  '5.1(3)N2(1c)',
  '5.2(1)N1(1)',
  '5.2(1)N1(1a)',
  '5.2(1)N1(1b)',
  '5.2(1)N1(2)',
  '5.2(1)N1(2a)',
  '5.2(1)N1(3)',
  '5.2(1)N1(4)',
  '5.2(1)N1(5)',
  '5.2(1)N1(6)',
  '5.2(1)N1(7)',
  '5.2(1)N1(8)',
  '5.2(1)N1(8a)',
  '5.2(1)N1(8b)',
  '5.2(1)N1(9)',
  '5.2(1)N1(9a)',
  '5.2(1)N1(9b)',
  '6.0(2)N1(1)',
  '7.0(8)N1(1)',
  '7.1(0)N1(1)',
  '7.1(3)N1(2)',
  '7.1(4)N1(1)',
  '7.1(5)N1(1)',
  '7.3(0)N1(1)',
  '7.3(1)N1(1)',
  '7.3(2)N1(1)',
  '7.3(1)N1(1)',
  '7.3(2)N1(1)',
  '7.3(0)N1(1b)',
  '7.3(0)N1(1a)',
  '7.3(0)N1(1)',
  '7.2(1)N1(1)',
  '7.2(0)N1(1)',
  '7.1(5)N1(1)',
  '7.1(4)N1(1d)',
  '7.1(4)N1(1c)',
  '7.1(4)N1(1a)',
  '7.1(4)N1(1)',
  '7.1(3)N1(5)',
  '7.1(3)N1(4)',
  '7.1(3)N1(3)',
  '7.1(3)N1(2a)',
  '7.1(3)N1(2)',
  '7.1(3)N1(1b)',
  '7.1(3)N1(1)',
  '7.1(2)N1(1a)',
  '7.1(2)N1(1)',
  '7.1(1)N1(1a)',
  '7.1(1)N1(1)',
  '7.1(0)N1(2)',
  '7.1(0)N1(1b)',
  '7.1(0)N1(1a)',
  '7.1(0)N1(1)',
  '7.0(8)N1(1a)',
  '7.0(8)N1(1)',
  '7.0(7)N1(1b)',
  '7.0(7)N1(1a)',
  '7.0(7)N1(1)',
  '7.0(6)N1(4s)',
  '7.0(6)N1(3s)',
  '7.0(6)N1(2s)',
  '7.0(6)N1(1c)',
  '7.0(6)N1(1)',
  '7.0(5)N1(1a)',
  '7.0(5)N1(1)',
  '7.0(4)N1(1a)',
  '7.0(4)N1(1)',
  '7.0(3)N1(1)',
  '7.0(2)N1(1a)',
  '7.0(2)N1(1)',
  '7.0(0)N1(1)',
  '7.0(1)N1(1)',
  '4.2(1)N1(1)',
  '4.2(1)N2(1)',
  '4.2(1)N2(1a)',
  '5.0(2)N1(1)',
  '5.0(2)N2(1)',
  '5.0(2)N2(1a)',
  '5.0(3)N1(1)',
  '5.0(3)N1(1a)',
  '5.0(3)N1(1b)',
  '5.0(3)N1(1c)',
  '5.0(3)N2(1)',
  '5.0(3)N2(2)',
  '5.0(3)N2(2a)',
  '5.0(3)N2(2b)',
  '5.1(3)N1(1)',
  '5.1(3)N1(1a)',
  '5.1(3)N2(1)',
  '5.1(3)N2(1a)',
  '5.1(3)N2(1b)',
  '5.1(3)N2(1c)',
  '5.2(1)N1(1)',
  '5.2(1)N1(1a)',
  '5.2(1)N1(1b)',
  '5.2(1)N1(2)',
  '5.2(1)N1(2a)',
  '5.2(1)N1(3)',
  '5.2(1)N1(4)',
  '5.2(1)N1(5)',
  '5.2(1)N1(6)',
  '5.2(1)N1(7)',
  '5.2(1)N1(8)',
  '5.2(1)N1(8a)',
  '5.2(1)N1(8b)',
  '5.2(1)N1(9)',
  '5.2(1)N1(9a)',
  '5.2(1)N1(9b)',
  '6.0(2)N1(1)',
  '6.0(2)N1(2)',
  '6.0(2)N1(2a)',
  '6.0(2)N2(1)',
  '6.0(2)N2(1b)',
  '6.0(2)N2(2)',
  '6.0(2)N2(3)',
  '6.0(2)N2(4)',
  '6.0(2)N2(5)',
  '6.0(2)N2(5a)',
  '6.0(2)N2(6)',
  '6.0(2)N2(7)',
  '7.1(4)N1(1e)'
);

workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
workaround_params = WORKAROUND_CONFIG['ptp_clock'];

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvg21830',
  'cmds'     , make_list('show ptp clock')
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list,
  switch_only:TRUE
);

VendorProductVersionCPE
cisconx-oscpe:/o:cisco:nx-os

Vendor	Product	Version	CPE
cisco	nx-os		cpe:/o:cisco:nx-os

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0378

www.nessus.org/u?e46fc38e

bst.cloudapps.cisco.com/bugsearch/bug/CSCvg21830

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for CISCO-SA-20181017-NEXUS-PTP-DOS.NASL