Lucene search
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO_NXOS_VERSION.NASLHistoryMay 30, 2013 - 12:00 a.m.
Cisco NX-OS Version
2013-05-3000:00:00
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
68
7.4 High
AI Score
Confidence
Low
The remote host is running NX-OS, an operating system for Cisco switches.
It is possible to read the NX-OS version and Model either through SNMP or by connecting to the switch using SSH.
#TRUSTED 19e1615ed9123ad6460362c2ebc0640f1f79d2873ea3cdea3dc3502c95761c8508aa9878a0c5ede8e1fdd887e7b564f2265fb66cb139ab0b1d886f75729cd0a0b942d8e811ef666a90b76c35bc96735127ea3c6605d95785a458b37e51e71f02b24ed45886781ca6a008a3d4f6cc0e8110d644073fd58e15eb44b42a90994cc73a7de49786bc2fd720919da5ba113d6ba0a8698ad28cc9c66bbef07f7c32282f2598d9c30792093dc2d95d7b78221233bd8e3ea8c136aac51a14df371bad76efa39a76525e5c36008b6f9026d3a8225c5d40ca0c9fd02434ed91168daef8772102177e0103cc9361766349ef04a7d11b90bd46683cb21fb1747687de7c4bea7b16c9bf22fccf46ebba6040e05dc861ef2949bf518d23902f6dd8053101419a940bad9837f588986f2ce3d5d0f4da1011a25143c06ce971e3ca25de5e83e27619b19204e38d78d19a4125e81ab5aeb17c6854def30bdf62dc6d63879ec2aaa52e71860b72658902350ce1d4e69cd8681643f5a78e048a36e8cf77f3be8d2945c874b5c52133d52625977c9ae0d114e275ff7defab4ea005f938c33f9be3c177cdaaaab0e4fbfffe05db245d23ec2dcee9dfe4761b3e8476d96165a6788383f963012af0044f2c3cd862057d9fdd7f565fd3c34a58e7297eb7460b75c85a600cccb1219b5c5e73e7089206fc66db14820b1aede3e68ab44b11207889ab768c8a9f
#TRUST-RSA-SHA256 99410967cfa5ca360412fd93d65a37fac88108bfaeffa0ba6e2f36bd9c8ada09379791a2a5721bf1435a38b8fcf4d59e738fd6c8f8e65f1f6222c97164d307b492d0f222040757f617a45b4ae10bd137e671f7f10bacf93e4a97b55a15139ace0e03e7fef42e170e97fe58b95620443cebadbc305f1ca9907a943d68a014727608ec4b049a6168020e96a8ab976de27965c4bc7e90dacfd8b569694a2e250bd6519379ee034c8af5d6c6e56a024ce346d0cf100b936c3add3c9c78493ed80fe5bfa88ded09cf2f991c008ed5f96f61aebd4e98fa68b317cbe712c86ac3c26f9a5427dcb9bcfc01d9bb75beec6697df453c6e0d744ff108662e81624c0c054384116e8dc46ddd0d7e0be0ed083c51e247ee9c4023c1df06b7a794146f41851790551ef1d7c54371517b04cb60133a326bcd9dd5b8b0888ce72e3e921910bbd824668f6661047e85776461557b60ada4778a212448d50eccae1c87a321bcd991a2995b9dbe3ee5e5ce62d70195c1debaaf43b1e89daf1d6b4bef7cbcded794b493ecb1baf831c41977af880f673287c9fcc72b5a13daaa094481fe32a31c20606bb65eeb9ea4cd8112bee9b6c6668c5457ef6c83b939def5af2557c091ea50908108448417a2b3c8abf706052596b3455b81ac98d53572002a6c24a2342f3901edff15ac8541fe1a8c60f8d3e080539b16612f1e7653ee7860da577e91107f1c5b
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(66696);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/26");
script_xref(name:"IAVT", value:"0001-T-0555");
script_name(english:"Cisco NX-OS Version");
script_set_attribute(attribute:"synopsis", value:"It is possible to obtain the NX-OS version of the remote Cisco device.");
script_set_attribute(attribute:"description", value:
"The remote host is running NX-OS, an operating system for Cisco
switches.
It is possible to read the NX-OS version and Model either through SNMP
or by connecting to the switch using SSH.");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/30");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_set_attribute(attribute:"hardware_inventory", value:"True");
script_set_attribute(attribute:"os_identification", value:"True");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CISCO");
script_dependencies("ssh_get_info.nasl", "snmp_sysDesc.nasl", "snmp_cisco_type.nasl");
script_require_ports("Host/Cisco/show_ver", "SNMP/sysDesc", "Host/aci/system/firmware/summary", "Host/Cisco/apic/show_version");
exit(0);
}
include("snmp_func.inc");
include("ssh_lib.inc");
include('structured_data_asset_identifier.inc');
##
# Finds and returns chassis serial number in the 'show inventory' command output retrieved from the KB.
# @param [show_inventory:string] Output of 'show inventory' NXOS command, retrieved from the KB.
# @return [string|NULL] string containing the serial number if found, NULL if SN is not found or show_inventory is missing.
function grab_serial_number(show_inventory)
{
if(empty_or_null(show_inventory)) return NULL;
var sn_regex = 'NAME: "Chassis"(?:.|\\s)*?SN: (\\S+)';
var serial_number = pregmatch(string:show_inventory, pattern:sn_regex, multiline:TRUE);
if(!empty_or_null(serial_number)) serial_number = serial_number[1];
else serial_number = NULL;
return serial_number;
}
##
# Saves the provided NXOS version number in the KB, generates plugin output,
# and exits. If a model number is provided it is also saved in
# the KB and reported, but a model number is not required.
#
# @param ver NXOS version number
# @param device NXOS device type
# @param model NXOS model number
# @param source service used to obtain the version
# @param port Port used in detection (0 for SSH)
# @param proto Protocol used in detection (udp or tcp)
# @param sn Serial number of the device
#
# @return NULL if 'ver' is NULL,
# otherwise this function exits before it returns
##
function report_and_exit(ver, device, model, source, port, proto, sn)
{
local_var report, os;
if (isnull(proto)) proto = 'tcp';
set_kb_item(name:"Host/Cisco/NX-OS/Device", value:device);
if (!isnull(model))
set_kb_item(name:"Host/Cisco/NX-OS/Model", value:model);
set_kb_item(name:"Host/Cisco/NX-OS/Version", value:ver);
set_kb_item(name:"Host/Cisco/NX-OS/Port", value:port);
set_kb_item(name:"Host/Cisco/NX-OS/Protocol", value:proto);
replace_kb_item(name:"Host/Cisco/NX-OS", value:TRUE);
if ( source == "SSH" )
{
os = "CISCO NX-OS " + ver;
set_kb_item(name:"Host/OS/CiscoShell", value:os);
set_kb_item(name:"Host/OS/CiscoShell/Confidence", value:100);
set_kb_item(name:"Host/OS/CiscoShell/Type", value:"switch");
}
report =
'\n Source : ' + source +
'\n Version : ' + ver;
if (!isnull(device))
report += '\n Device : ' + device;
if (!isnull(model))
report += '\n Model : ' + model;
if (port)
report += '\n Port : ' + port;
if (sn)
report += '\n SN : ' + sn;
report += '\n';
security_report_v4(severity:SECURITY_NOTE, port:port, proto:proto, extra:report);
exit(0);
}
var version = NULL;
var device = NULL;
var model = NULL;
var ips_ssh, ssh_port, banner, pat, ips_snmp, community, port, soc, txt, ips_aci, model_kb, ips_apic, failed_methods, show_inventory;
# 1. SSH
ips_ssh = get_kb_item("Host/Cisco/show_ver");
if (ips_ssh)
{
show_inventory = get_kb_item("Host/Cisco/Config/show_inventory");
serial_number = grab_serial_number(show_inventory:show_inventory);
if(!empty_or_null(serial_number))
{
set_kb_item(name:"Host/Cisco/SerialNumber", value:serial_number);
report += '\n SN : ' + serial_number;
snc = new structured_data_asset_identifier();
id_data = {"type":"Network Device Serial Identifier", "identifier_source":"ciscoSerialNumber", "identifier_value":serial_number};
snc.append('identifier', id_data);
snc.report_internal();
}
if ("Cisco Nexus Operating System (NX-OS) Software" >< ips_ssh)
{
version = pregmatch(string:ips_ssh, pattern:"NXOS:\s+version\s+([0-9a-zA-Z\.\(\)]+)[^\s\r\n]*", icase:TRUE);
if (isnull(version))
version = pregmatch(string:ips_ssh, pattern:"[Ss]ystem:?\s+[Vv]ersion:?\s+([0-9a-zA-Z\.\(\)]+)[^\s\r\n]*");
if (!isnull(version))
{
# Check if it's a UCS device
# this can be expanded when we know more about Cisco UCS products
ssh_port = get_service(svc:'ssh', default:22);
banner = get_kb_item('SSH/textbanner/'+ssh_port);
# e.g. textbanner = Cisco UCS 6200 Series Fabric Interconnect\n
if (!isnull(banner))
{
banner = chomp(banner);
pat = "^Cisco UCS (\S+ Series) Fabric Interconnect$";
model = pregmatch(string:banner, pattern:pat, icase:TRUE);
if (!isnull(model)) device = 'Cisco UCS Fabric Interconnect';
}
if (isnull(model))
{
if ('MDS' >< ips_ssh)
{
device = 'MDS';
model = pregmatch(string:ips_ssh, pattern:"MDS\s*\d+\s+[cC]([^\r\n\s]+)[^\r\n]*\s+Chassis");
if (isnull(model))
model = pregmatch(string:ips_ssh, pattern:"MDS\s*([^\r\n\s]+)[^\r\n]*\s+Chassis");
}
else
{
device = 'Nexus';
model = pregmatch(string:ips_ssh, pattern:"[Nn]exus\s*\d+\s+[cC]([^\r\n\s]+)[^\r\n]*\s+[Cc]hassis");
if (isnull(model))
model = pregmatch(string:ips_ssh, pattern:"[Nn]exus\s*([^\r\n\s]+)[^\r\n]*\s+[Cc]hassis");
if (isnull(model))
model = pregmatch(string:ips_ssh, pattern:"Hardware\r?\n\s*[Cc]isco (?:[Nn]exus )?\s*([^\r\n\s]+)\s+([Cc]hassis|\(.[Ss]upervisor.\))");
}
}
if (!isnull(model))
model = model[1];
report_and_exit(ver:version[1], device:device, model:model, source:'SSH', port:0, sn:serial_number);
}
}
else if ("Device Connector Version:" >< ips_ssh &&
"Management Package Version:" >< ips_ssh)
{
# Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfi-imm-syn-p6kZTDQC
version = pregmatch(string:ips_ssh, pattern:"Device Connector Version\:\s(\d+)\.(\d+)\.(\d+)\-(\d+)");
var imm_version = pregmatch(string:ips_ssh, pattern:"Management Package Version\:\s(\d+)\.(\d+)\.(\d+)\-(\d+)");
if (!empty_or_null(version))
version = strcat(version[1], '.', version[2], '.', version[3], '-', version[4]);
if (!empty_or_null(imm_version))
{
imm_version = strcat(imm_version[1], '.', imm_version[2], '.', imm_version[3], '-', imm_version[4]);
set_kb_item(name:"Host/Cisco/NX-OS/IMM_Version", value:imm_version);
}
if (!empty_or_null(version) &&
!empty_or_null(imm_version))
{
device = 'Cisco UCS Fabric Interconnect';
# Improving 'model' will require a scan of an actual UCS system, needed from field.
model = '6400/6500';
report_and_exit(ver:version, device:device, model:model, source:'SSH', port:0, sn:serial_number);
}
}
}
# 2. SNMP
ips_snmp = get_kb_item("SNMP/sysDesc");
if (ips_snmp)
{
community = get_kb_item("SNMP/community");
if ( (community) && (!model) )
{
port = get_kb_item("SNMP/port");
if(!port)port = 161;
if (! get_udp_port_state(port)) audit(AUDIT_PORT_CLOSED, port);
soc = open_sock_udp(port);
if (soc)
{
txt = snmp_request (socket:soc, community:community, oid:"1.3.6.1.2.1.1.1.0");
if ( (txt) && ('NX-OS' >< txt) )
{
# get version
txt = snmp_request (socket:soc, community:community, oid:"1.3.6.1.2.1.47.1.1.1.1.9.22");
if (txt) version = txt;
# get model
txt = snmp_request (socket:soc, community:community, oid:"1.3.6.1.2.1.47.1.1.1.1.2.149");
if (txt && 'MDS' >< txt)
{
device = 'MDS';
model = pregmatch(string:txt, pattern:"MDS\s*([^\r\n\s]+)[^\r\n]*\s+Chassis");
}
if (txt && 'Nexus' >< txt)
{
device = 'Nexus';
model = pregmatch(string:txt, pattern:"Nexus\s*([^\r\n\s]+)[^\r\n]*\s+Chassis");
}
}
}
}
if (!isnull(model))
model = model[1];
if (!isnull(version))
report_and_exit(ver:version, device:device, model:model, source:'SNMP', port:port, proto:'udp', sn:serial_number);
}
# 3. SSH (Nexus 9xxx Switches may support "ACI" (bash shell)
# which also allows us to obtain version information)
ips_aci = get_kb_item("Host/aci/system/firmware/summary");
if (ips_aci)
{
# Same expected format as with SSH above
version = pregmatch(string:ips_aci, pattern:"[Dd]escription\s+:\s[Vv]ersion\s([0-9a-zA-Z\.\(\)]+)\s");
if (!empty_or_null(version) && !empty_or_null(version[1]))
{
version = version[1];
device = 'Nexus';
model_kb = get_kb_item("Host/aci/system/chassis/summary");
model = pregmatch(string:model_kb, pattern:"[Nn]exus\s*\d+\s+[cC]([^\s]+)[^\r\n]*\s+[Cc]hassis");
if (isnull(model))
{
model = pregmatch(string:model_kb, pattern:"[Nn]exus\s*([^\s]+)[^\r\n]*\s+[Cc]hassis");
}
if (!empty_or_null(model) && !empty_or_null(model[1]))
model = model[1];
report_and_exit(ver:version, device:device, model:model, source:'SSH', port:0, sn:serial_number);
}
}
# 4. SSH (Nexus APIC Controller may support "ACI" (bash shell)
# which also allows us to obtain version information)
ips_apic = get_kb_item("Host/Cisco/apic/show_version");
if (ips_apic)
{
version = pregmatch(string:ips_apic, pattern:"\s([\d]+\.[\d]+\(.+\))");
if (!empty_or_null(version) && !empty_or_null(version[1]))
{
version = version[1];
device = 'Cisco Application Policy Infrastructure Controller';
model = 'Cisco APIC';
report_and_exit(ver:version, device:device, model:model, source:'SSH', port:0);
}
}
failed_methods = make_list();
if (ips_ssh)
failed_methods = make_list(failed_methods, 'SSH');
if (ips_snmp)
failed_methods = make_list(failed_methods, 'SNMP');
if (ips_aci)
failed_methods = make_list(failed_methods, 'SSH (ACI feature)');
if (ips_apic)
failed_methods = make_list(failed_methods, 'SSH (ACI on APIC)');
if (max_index(failed_methods) > 0)
exit(1, 'Unable to determine Cisco NX-OS version number obtained via ' + join(failed_methods, sep:'/') + '.');
else
exit(0, 'The Cisco NX-OS version is not available (the remote host may not be Cisco NXOS).');
7.4 High
AI Score
Confidence
Low