5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
52.8%
According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by a denial of service vulnerability. The vulnerability exists in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode.
An unauthenticated, remote attacker can exploit this by sending a stream of TCP packets to a specific port on a Switched Virtual Interface (SVI) configured on the device to cause a specific packet queue to queue network buffers but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped, resulting in a denial of service (DoS) condition where the leaf switches are unavailable.
Note: This vulnerability requires a manual intervention to power-cycle the device to recover.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 4d68d7c14bda919248fa39640ed2a5604627d48641c352f5eb1ea61569de9f666f95dbffe51a3cd936d8a1bb1cfe9868abbd209c2d67d502392e7c58d777910bed8332a9facfef783b0edac1b59a60c46ad1a607897af432b53eb951952fecaf3239a950688518d433177b532d38b0aed130fcaa4024c555991575bab1e64b55cc9ab8cba5aede4470329dd3b8316b88b96ae9ab3b86c558aea7eda4365235a8e9ef87c86ca93cfb88e226d7073f8ef8f26d9c1262e4bdf224728391fbf77a12e795b7a01487411ca53104aa4200d6ba30be99928d662d1635cc25ed54a1c0d45e4bec891b90dd17a55b25ea9db6894660580c32188af07a27bbd0afa015e98ec82545e6fe5665aa283342dcbb7512148b2b8066534a074e6232999b3a7a7f783e0fed7ee2158f973772a384aec3bc1e07a7b952395a8c9f2c059f3567dadff36d56fad1510e162549be46b35d0e8b08ecd9b368e2aa9d26922eb7eb4caf1713f873b0f1378dd6d747419f40e7de130a57c0f1759cf2ba541f09c88fca4161bd1d25b19459ee75f32a8e0cf28136fc33bfb7ecb3ee31d45e2d4a626576d433fe71bd4dd0124c67377eff5529d04ab53a54245785f56d4b5bec05b01511412f82cd4ce697dd3345546fc15f40afd5698b67c779458334073bdd9db3e990e73b9db9dc83bcb39f6e2648d296723b5c0fe9bd57877a93642d149d460c8c440418e4
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(158207);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/02/22");
script_cve_id("CVE-2021-1523");
script_xref(name:"CISCO-BUG-ID", value:"CSCvx14142");
script_xref(name:"CISCO-SA", value:"cisco-sa-n9kaci-queue-wedge-cLDDEfKF");
script_name(english:"Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge DoS (cisco-sa-n9kaci-queue-wedge-cLDDEfKF)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by a denial of service
vulnerability. The vulnerability exists in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode.
An unauthenticated, remote attacker can exploit this by sending a stream of TCP packets to a specific port on a
Switched Virtual Interface (SVI) configured on the device to cause a specific packet queue to queue network buffers
but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped,
resulting in a denial of service (DoS) condition where the leaf switches are unavailable.
Note: This vulnerability requires a manual intervention to power-cycle the device to recover.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKF
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8c4051f9");
script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74640");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx14142");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvx14142");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1523");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(772);
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/25");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/21");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_nxos_version.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device", "Host/aci/system/chassis/summary");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco NX-OS Software');
if ('Nexus' >!< product_info.device || product_info.model !~ "(^|[^0-9])9[0-9]{3,}")
audit(AUDIT_HOST_NOT, 'affected');
# 9k in ACI mode
if (empty_or_null(get_kb_list('Host/aci/*')))
audit(AUDIT_HOST_NOT, 'an affected model due to non ACI mode');
var g_model = cisco_command_kb_item('Host/Cisco/Config/show_inventory', 'show inventory');
if (empty_or_null(g_model))
audit(AUDIT_HOST_NOT, 'an affected model');
var model_list = make_list(
'N9K-C9372PX-E',
'N9K-C9372TX-E',
'N9K-C9332PQ',
'N9K-C9372PX',
'N9K-C9372TX',
'N9K-C9396PX',
'N9K-C9396TX',
'N9K-C93128TX',
'N9K-C93120TX'
);
var vuln_model = FALSE;
foreach g1_model (model_list)
{
if (g1_model >< g_model)
{
vuln_model = TRUE;
break;
}
}
if (!vuln_model)
audit(AUDIT_HOST_NOT, 'an affected generation 1 model');
var version_list = make_list(
'12.0(1m)',
'12.0(2g)',
'12.0(1n)',
'12.0(1o)',
'12.0(1p)',
'12.0(1q)',
'12.0(2h)',
'12.0(2l)',
'12.0(2m)',
'12.0(2n)',
'12.0(2o)',
'12.0(2f)',
'12.0(1r)',
'12.1(1h)',
'12.1(2e)',
'12.1(3g)',
'12.1(4a)',
'12.1(1i)',
'12.1(2g)',
'12.1(2k)',
'12.1(3h)',
'12.1(3j)',
'12.2(1n)',
'12.2(2e)',
'12.2(3j)',
'12.2(4f)',
'12.2(4p)',
'12.2(3p)',
'12.2(3r)',
'12.2(3s)',
'12.2(3t)',
'12.2(2f)',
'12.2(2i)',
'12.2(2j)',
'12.2(2k)',
'12.2(2q)',
'12.2(1o)',
'12.2(4q)',
'12.2(4r)',
'12.2(1k)',
'12.3(1e)',
'12.3(1f)',
'12.3(1i)',
'12.3(1l)',
'12.3(1o)',
'12.3(1p)',
'13.0(1k)',
'13.0(2h)',
'13.0(2k)',
'13.0(2n)',
'13.1(1i)',
'13.1(2m)',
'13.1(2o)',
'13.1(2p)',
'13.1(2q)',
'13.1(2s)',
'13.1(2t)',
'13.1(2u)',
'13.1(2v)',
'13.2(1l)',
'13.2(1m)',
'13.2(2l)',
'13.2(2o)',
'13.2(3i)',
'13.2(3n)',
'13.2(3o)',
'13.2(3r)',
'13.2(4d)',
'13.2(4e)',
'13.2(3j)',
'13.2(3s)',
'13.2(5d)',
'13.2(5e)',
'13.2(5f)',
'13.2(6i)',
'13.2(41d)',
'13.2(7f)',
'13.2(7k)',
'13.2(9b)',
'13.2(8d)',
'13.2(9f)',
'13.2(9h)',
'14.0(1h)',
'14.0(2c)',
'14.0(3d)',
'14.0(3c)',
'14.1(1i)',
'14.1(1j)',
'14.1(1k)',
'14.1(1l)',
'14.1(2g)',
'14.1(2m)',
'14.1(2o)',
'14.1(2s)',
'14.1(2u)',
'14.1(2w)',
'14.1(2x)',
'14.2(1i)',
'14.2(1j)',
'14.2(1l)',
'14.2(2e)',
'14.2(2f)',
'14.2(2g)',
'14.2(3j)',
'14.2(3l)',
'14.2(3n)',
'14.2(3q)',
'14.2(4i)',
'14.2(4k)',
'14.2(4o)',
'14.2(4p)',
'14.2(5k)',
'14.2(5l)',
'14.2(5n)',
'14.2(6d)',
'14.2(6g)',
'14.2(6h)',
'14.2(6l)',
'14.2(6o)'
);
var reporting = make_array(
'port', 0,
'severity', SECURITY_WARNING,
'version' , product_info['version'],
'cmds' , make_list('show inventory'),
'bug_id' , 'CSCvx14142'
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list
);
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
52.8%