Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (CSCui21340)

2014-11-04T00:00:00
ID CISCO-SN-CVE-2013-5556-NXOS.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
Modified 2021-06-02T00:00:00

Description

A vulnerability in the license installation module of a Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. This issue is due to the failure of the 'install all iso' command to properly validate user-supplied input.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(78858);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/29 10:38:39");

  script_cve_id("CVE-2013-5556");
  script_bugtraq_id(63732);
  script_xref(name:"CISCO-BUG-ID", value:"CSCui21340");

  script_name(english:"Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (CSCui21340)");
  script_summary(english:"Checks the NX-OS version.");

  script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the license installation module of a Cisco Nexus
1000V could allow an authenticated, local attacker to execute
arbitrary shell commands. This issue is due to the failure of the
'install all iso' command to properly validate user-supplied input.");
  # https://tools.cisco.com/security/center/viewAlert.x?alertId=31774
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3366ca1f");
  script_set_attribute(attribute:"solution", value:"Apply the patch referenced in Cisco bug ID CSCui21340.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:nexus_1000v");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
  script_family(english:"CISCO");

  script_dependencies("cisco_nxos_version.nasl");
  script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Device", "Host/Cisco/NX-OS/Model");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");

device = get_kb_item_or_exit("Host/Cisco/NX-OS/Device");
model = get_kb_item_or_exit("Host/Cisco/NX-OS/Model");
version = get_kb_item_or_exit("Host/Cisco/NX-OS/Version");

# Cisco Nexus 1000V models are affected
if (
  device != 'Nexus' ||
  model !~ '^1[0-9][0-9][0-9][Vv]([^0-9]|$)'
) audit(AUDIT_HOST_NOT, "affected");

fix = NULL;

# Check if vuln version
if (
  version == '4.0(4)SV1(1)'    ||
  version == '4.0(4)SV1(2)'    ||
  version == '4.0(4)SV1(3)'    ||
  version == '4.0(4)SV1(3a)'   ||
  version == '4.0(4)SV1(3b)'   ||
  version == '4.0(4)SV1(3c)'   ||
  version == '4.0(4)SV1(3d)'
) fix = "Contact vendor.";

else if (
  version == '4.2(1)SV1(4)'    ||
  version == '4.2(1)SV1(4a)'   ||
  version == '4.2(1)SV1(4b)'   ||
  version == '4.2(1)SV1(5.1)'  ||
  version == '4.2(1)SV1(5.1a)' ||
  version == '4.2(1)SV1(5.2)'  ||
  version == '4.2(1)SV1(5.2b)'
) fix = "Contact vendor.";

else if (
  version == '4.2(1)SV2(1.1a)'
) fix = '4.2(1)SV2(2.1a)';

else if (
  version == '5.2(1)SM1(5.1)'
) fix = '5.2(1)SM1(5.2)';

else if (
  version =='4.2(1)VSG1(1)'
) fix = 'Contact vendor.';

if (!isnull(fix))
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Cisco bug ID      : CSCui21340' +
      '\n  Model             : ' + device + ' ' + model +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_warning(port:0, extra:report);
  }
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");