6.6 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
According to its self-reported version, Cisco FXOS is affected by a vulnerability. The vulnerability lies in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 437d748b79f04316908ecbf6fe027b579825c18f5107ff7c0b5fb3212415d566f1137b913bf92385f75269ebe1af9d7db9594b9eb3e71a46e1c0bf568f36a6c45847af170316be38420b4d8ed31f78cbb0e5f579e7daf2ee03a3264ad6c06c10153cdf856f4db895b8dbf91a23b065034a2c760061b183f44423069fb094f37a6c20458ec81d57805ae309e0641c16c3488313f5b6383ad36e072e11d44fa13a9adeceecd16994c7b3dc58d4b1900ffb5645ff200a8e2d32f60f2d703c449ca09b5a1eaf98b2851c63847f52fb93d91b8460b2ad69df30542c6578d2e70c4cd0ae8728b3571d7c8ce65180456d73678d4fcf1a57d85d226ef30a00858e9f5a4d0caac7f43e9dc4b8c24a84a82e6eaa0178731c2a68b7388b81154b05d87a7b54369cff9b10d87fa77011a593b9d6191bce3869a329327fbdf736725b9f36b22b532828d700b427ece39fd0c168685cab3e35b18ec0da255bee8a6d03d86cb5572ba53e6490e0d1106aa82396fbcc4136dda64e56b05dd667cccadbc4892789f96b1a955066969ed1b22360ed70f350487d2eec0dc475adbd0fc9f7f082f63973882e581d419b415f92803fd242c09ed11e832aa9e877ac081e35900ca4558293010dae905799255356134dfb6148ea0a4bd2755c9aae6dd06b30a0d30d05afae71b86a43745e891c2a1f53d738fa4499b1d6a9f702d75f34294b9e20fa8b9212
#TRUST-RSA-SHA256 a8e37569813f830e2abd4ee7e822defc0ba7cb4454435ec7bcd6a3bb314fdaa44d9ac79ba51c3e3d53bb269971f844587c01e526f8c0e879133a1faa778285de2b9e67357da353ec03b03acdc810b6324b89f8a56323c084f5b3dd58ccc408ecbcfb2af95fe6678b1fc0a83df9fb60bae4d5cc8b737b3ce5e2a6ce5e74f857143a225c6a196025453a493076af5640e3b04d809ee7aa201955476b1d937423e693ddd510cf1ba509fcefc97f830133636fc6cc55767d993ae49655e9978fac5e938d72d0eca302abb76a31f38dc5fef532c5151a89c466814c3ab16c02c13ccd16be190f81a5879f2b570db4dcb91715456b5f9b7f27fb2be203705274b8fdaa2e5bbf3fc535261a42f5070b4b8f98f75d73634c1a3196277feb6d1f044ee8c8112ddb0ae4f3b865186e2abbce5c751f960c04eb41566fed469301d6b7a49a87e9aca46e0985f9e0006470a5174424428b37a5e4790202788cbf90a517e22a817c03260a853c9264415a3f949647caf173a17330b3309f3c22edf8e16b4b2fba7e163019a32e022020f4a01f7015cd95961392184e0e881e53f47b23211d9b9f1175c46c6f80c365da5b14afbd5a8ef7fb94a17d0aba16cf3f7406664b16a9b307d174f2fcb97f1f4a8911ee39c7323178f8e06524905331fbe3d4e4e28f070629baad24e1a25cac78608d6446b0b5808533f4e3c1ab4f8bd59ec05c83c1d5a2
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(191750);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id("CVE-2024-20294");
script_xref(name:"CISCO-BUG-ID", value:"CSCwe86457");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf67408");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf67409");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf67411");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf67412");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf67468");
script_xref(name:"CISCO-BUG-ID", value:"CSCwi29934");
script_xref(name:"CISCO-BUG-ID", value:"CSCwi31871");
script_xref(name:"CISCO-SA", value:"cisco-sa-nxos-lldp-dos-z7PncTgt");
script_name(english:"Cisco FXOS Software Link Layer Discovery Protocol DoS (cisco-sa-nxos-lldp-dos-z7PncTgt)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco FXOS is affected by a vulnerability. The vulnerability lies in the Link
Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and could allow an unauthenticated, adjacent attacker to
cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of
specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an
interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device
through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the
attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP
crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this
vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically
or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?789ffa5c");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75059
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e327a04a");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe86457");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67408");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67409");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67411");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67412");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67468");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi29934");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi31871");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwe86457, CSCwf67408, CSCwf67409, CSCwf67411,
CSCwf67412, CSCwf67468, CSCwi29934, CSCwi31871");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20294");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(805);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/28");
script_set_attribute(attribute:"patch_publication_date", value:"2024/02/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower_threat_defense");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_enumerate_firepower.nbin");
script_require_keys("installed_sw/FXOS");
exit(0);
}
include('ccf.inc');
include('cisco_workarounds.inc');
var product_info = cisco::get_product_info(name:'FXOS');
# Vuln models Firepower 4100/9000 Series
if (product_info['model'] !~ "(41[0-9]{2}|9[0-9]{3})")
audit(AUDIT_HOST_NOT, 'affected');
var version_list = [
'2.2.1.63',
'2.2.1.66',
'2.2.1.70',
'2.2.2.17',
'2.2.2.19',
'2.2.2.24',
'2.2.2.26',
'2.2.2.28',
'2.2.2.54',
'2.2.2.60',
'2.2.2.71',
'2.2.2.83',
'2.2.2.86',
'2.2.2.91',
'2.2.2.97',
'2.2.2.101',
'2.2.2.137',
'2.2.2.148',
'2.2.2.149',
'2.3.1.99',
'2.3.1.93',
'2.3.1.91',
'2.3.1.88',
'2.3.1.75',
'2.3.1.73',
'2.3.1.66',
'2.3.1.58',
'2.3.1.130',
'2.3.1.111',
'2.3.1.110',
'2.3.1.144',
'2.3.1.145',
'2.3.1.155',
'2.3.1.166',
'2.3.1.173',
'2.3.1.179',
'2.3.1.180',
'2.3.1.56',
'2.3.1.190',
'2.3.1.215',
'2.3.1.216',
'2.3.1.219',
'2.3.1.230',
'2.6.1.131',
'2.6.1.157',
'2.6.1.166',
'2.6.1.169',
'2.6.1.174',
'2.6.1.187',
'2.6.1.192',
'2.6.1.204',
'2.6.1.214',
'2.6.1.224',
'2.6.1.229',
'2.6.1.230',
'2.6.1.238',
'2.6.1.239',
'2.6.1.254',
'2.6.1.259',
'2.6.1.264',
'2.6.1.265',
'2.8.1.105',
'2.8.1.125',
'2.8.1.139',
'2.8.1.143',
'2.8.1.152',
'2.8.1.162',
'2.8.1.164',
'2.8.1.172',
'2.8.1.186',
'2.8.1.190',
'2.8.1.198',
'2.9.1.131',
'2.9.1.135',
'2.9.1.143',
'2.9.1.150',
'2.9.1.158',
'2.10.1.159',
'2.10.1.166',
'2.10.1.179',
'2.10.1.207',
'2.10.1.234',
'2.10.1.245',
'2.10.1.271',
'2.11.1.154',
'2.11.1.182',
'2.11.1.200',
'2.11.1.205',
'2.12.0.31',
'2.12.0.432',
'2.12.0.450',
'2.12.0.467',
'2.12.0.498',
'2.12.1.29',
'2.12.1.48',
'2.13.0.198',
'2.13.0.212',
'2.13.0.243',
'2.14.1.131'
];
# LLDP on by default and cant be disabled on FXOS
var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = make_list();
var reporting = make_array(
'port' , 0,
'severity', SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCwe86457, CSCwf67408, CSCwf67409, CSCwf67411, CSCwf67412, CSCwf67468, CSCwi29934, CSCwi31871'
);
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params: workaround_params,
reporting:reporting,
vuln_versions:version_list
);
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | firepower_threat_defense | cpe:/a:cisco:firepower_threat_defense |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20294
www.nessus.org/u?789ffa5c
www.nessus.org/u?e327a04a
bst.cloudapps.cisco.com/bugsearch/bug/CSCwe86457
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67408
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67409
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67411
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67412
bst.cloudapps.cisco.com/bugsearch/bug/CSCwf67468
bst.cloudapps.cisco.com/bugsearch/bug/CSCwi29934
bst.cloudapps.cisco.com/bugsearch/bug/CSCwi31871
6.6 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%