Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2014-3261.NASLHistoryJul 25, 2023 - 12:00 a.m.
Cisco Multiple Vulnerabilities in NX-OS-Based Products (CVE-2014-3261)
2023-07-2500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
cisco
nx-os
buffer overflow
smart call home
fabric interconnects
unified computing system
nexus 3000
nexus 4000
nexus 5000
nexus 7000
cg-os
connected grid routers
remote smtp servers
arbitrary code
tenable.ot
scanner
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.1%
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501403);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/14");
script_cve_id("CVE-2014-3261");
script_name(english:"Cisco Multiple Vulnerabilities in NX-OS-Based Products (CVE-2014-3261)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Buffer overflow in the Smart Call Home implementation in Cisco NX-OS
on Fabric Interconnects in Cisco Unified Computing System 1.4 before
1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1
before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before
5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus
7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected
Grid Routers allows remote SMTP servers to execute arbitrary code via
a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632,
CSCts56628, CSCug14405, and CSCuf61322.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5f6099be");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3261");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119);
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/26");
script_set_attribute(attribute:"patch_publication_date", value:"2014/05/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:4.1.%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%282%29n1%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%282%29n2%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%282%29n2%281a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%282a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n1%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n1%281a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n1%281b%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n1%281c%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n2%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n2%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n2%282a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29n2%282b%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u1%281a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u1%281b%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u1%281d%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u1%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u1%282a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u2%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u2%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u2%282a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u2%282b%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u2%282c%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u2%282d%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u3%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u3%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u3%282a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u3%282b%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u4%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u5%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u5%281a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u5%281b%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u5%281c%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u5%281d%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%283%29u5%281e%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.0%285%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.1%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.1%281a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.1%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.1%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.2%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.2%283%29");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:5.2" :
{"versionEndIncluding" : "5.2", "versionStartIncluding" : "5.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.2%281%29" :
{"versionEndIncluding" : "5.2%281%29", "versionStartIncluding" : "5.2%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.2%283%29" :
{"versionEndIncluding" : "5.2%283%29", "versionStartIncluding" : "5.2%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0" :
{"versionEndIncluding" : "5.0", "versionStartIncluding" : "5.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%282%29" :
{"versionEndIncluding" : "5.0%282%29", "versionStartIncluding" : "5.0%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%282%29n1%281%29" :
{"versionEndIncluding" : "5.0%282%29n1%281%29", "versionStartIncluding" : "5.0%282%29n1%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%282%29n2%281%29" :
{"versionEndIncluding" : "5.0%282%29n2%281%29", "versionStartIncluding" : "5.0%282%29n2%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%282%29n2%281a%29" :
{"versionEndIncluding" : "5.0%282%29n2%281a%29", "versionStartIncluding" : "5.0%282%29n2%281a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%282a%29" :
{"versionEndIncluding" : "5.0%282a%29", "versionStartIncluding" : "5.0%282a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29" :
{"versionEndIncluding" : "5.0%283%29", "versionStartIncluding" : "5.0%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n1%281%29" :
{"versionEndIncluding" : "5.0%283%29n1%281%29", "versionStartIncluding" : "5.0%283%29n1%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n1%281a%29" :
{"versionEndIncluding" : "5.0%283%29n1%281a%29", "versionStartIncluding" : "5.0%283%29n1%281a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n1%281b%29" :
{"versionEndIncluding" : "5.0%283%29n1%281b%29", "versionStartIncluding" : "5.0%283%29n1%281b%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n1%281c%29" :
{"versionEndIncluding" : "5.0%283%29n1%281c%29", "versionStartIncluding" : "5.0%283%29n1%281c%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n2%281%29" :
{"versionEndIncluding" : "5.0%283%29n2%281%29", "versionStartIncluding" : "5.0%283%29n2%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n2%282%29" :
{"versionEndIncluding" : "5.0%283%29n2%282%29", "versionStartIncluding" : "5.0%283%29n2%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n2%282a%29" :
{"versionEndIncluding" : "5.0%283%29n2%282a%29", "versionStartIncluding" : "5.0%283%29n2%282a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29n2%282b%29" :
{"versionEndIncluding" : "5.0%283%29n2%282b%29", "versionStartIncluding" : "5.0%283%29n2%282b%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u1%281a%29" :
{"versionEndIncluding" : "5.0%283%29u1%281a%29", "versionStartIncluding" : "5.0%283%29u1%281a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u1%281b%29" :
{"versionEndIncluding" : "5.0%283%29u1%281b%29", "versionStartIncluding" : "5.0%283%29u1%281b%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u1%281d%29" :
{"versionEndIncluding" : "5.0%283%29u1%281d%29", "versionStartIncluding" : "5.0%283%29u1%281d%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u1%282%29" :
{"versionEndIncluding" : "5.0%283%29u1%282%29", "versionStartIncluding" : "5.0%283%29u1%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u1%282a%29" :
{"versionEndIncluding" : "5.0%283%29u1%282a%29", "versionStartIncluding" : "5.0%283%29u1%282a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u2%281%29" :
{"versionEndIncluding" : "5.0%283%29u2%281%29", "versionStartIncluding" : "5.0%283%29u2%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u2%282%29" :
{"versionEndIncluding" : "5.0%283%29u2%282%29", "versionStartIncluding" : "5.0%283%29u2%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u2%282a%29" :
{"versionEndIncluding" : "5.0%283%29u2%282a%29", "versionStartIncluding" : "5.0%283%29u2%282a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u2%282b%29" :
{"versionEndIncluding" : "5.0%283%29u2%282b%29", "versionStartIncluding" : "5.0%283%29u2%282b%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u2%282c%29" :
{"versionEndIncluding" : "5.0%283%29u2%282c%29", "versionStartIncluding" : "5.0%283%29u2%282c%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u2%282d%29" :
{"versionEndIncluding" : "5.0%283%29u2%282d%29", "versionStartIncluding" : "5.0%283%29u2%282d%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u3%281%29" :
{"versionEndIncluding" : "5.0%283%29u3%281%29", "versionStartIncluding" : "5.0%283%29u3%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u3%282%29" :
{"versionEndIncluding" : "5.0%283%29u3%282%29", "versionStartIncluding" : "5.0%283%29u3%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u3%282a%29" :
{"versionEndIncluding" : "5.0%283%29u3%282a%29", "versionStartIncluding" : "5.0%283%29u3%282a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u3%282b%29" :
{"versionEndIncluding" : "5.0%283%29u3%282b%29", "versionStartIncluding" : "5.0%283%29u3%282b%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u4%281%29" :
{"versionEndIncluding" : "5.0%283%29u4%281%29", "versionStartIncluding" : "5.0%283%29u4%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u5%281%29" :
{"versionEndIncluding" : "5.0%283%29u5%281%29", "versionStartIncluding" : "5.0%283%29u5%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u5%281a%29" :
{"versionEndIncluding" : "5.0%283%29u5%281a%29", "versionStartIncluding" : "5.0%283%29u5%281a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u5%281b%29" :
{"versionEndIncluding" : "5.0%283%29u5%281b%29", "versionStartIncluding" : "5.0%283%29u5%281b%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u5%281c%29" :
{"versionEndIncluding" : "5.0%283%29u5%281c%29", "versionStartIncluding" : "5.0%283%29u5%281c%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u5%281d%29" :
{"versionEndIncluding" : "5.0%283%29u5%281d%29", "versionStartIncluding" : "5.0%283%29u5%281d%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%283%29u5%281e%29" :
{"versionEndIncluding" : "5.0%283%29u5%281e%29", "versionStartIncluding" : "5.0%283%29u5%281e%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.0%285%29" :
{"versionEndIncluding" : "5.0%285%29", "versionStartIncluding" : "5.0%285%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.1" :
{"versionEndIncluding" : "5.1", "versionStartIncluding" : "5.1", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.1%281%29" :
{"versionEndIncluding" : "5.1%281%29", "versionStartIncluding" : "5.1%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.1%281a%29" :
{"versionEndIncluding" : "5.1%281a%29", "versionStartIncluding" : "5.1%281a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.1%282%29" :
{"versionEndIncluding" : "5.1%282%29", "versionStartIncluding" : "5.1%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.1%283%29" :
{"versionEndIncluding" : "5.1%283%29", "versionStartIncluding" : "5.1%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:4.1.%282%29" :
{"versionEndIncluding" : "4.1.%282%29", "versionStartIncluding" : "4.1.%282%29", "family" : "NXOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | nx-os | 4.1.%282%29 | cpe:/o:cisco:nx-os:4.1.%282%29 |
| cisco | nx-os | 5.0 | cpe:/o:cisco:nx-os:5.0 |
| cisco | nx-os | 5.0%282%29 | cpe:/o:cisco:nx-os:5.0%282%29 |
| cisco | nx-os | 5.0%282%29n1%281%29 | cpe:/o:cisco:nx-os:5.0%282%29n1%281%29 |
| cisco | nx-os | 5.0%283%29u5%281c%29 | cpe:/o:cisco:nx-os:5.0%283%29u5%281c%29 |
| cisco | nx-os | 5.0%283%29u5%281d%29 | cpe:/o:cisco:nx-os:5.0%283%29u5%281d%29 |
| cisco | nx-os | 5.0%283%29u5%281e%29 | cpe:/o:cisco:nx-os:5.0%283%29u5%281e%29 |
| cisco | nx-os | 5.0%285%29 | cpe:/o:cisco:nx-os:5.0%285%29 |
| cisco | nx-os | 5.1 | cpe:/o:cisco:nx-os:5.1 |
| cisco | nx-os | 5.1%281%29 | cpe:/o:cisco:nx-os:5.1%281%29 |
Related
nvd
nvd
CVE-2014-3261
2014-05-26 00:25:32
cvelist
cvelist
CVE-2014-3261
2014-05-24 01:00:00
prion
prion
Buffer overflow
2014-05-26 00:25:00
cve
cve
CVE-2014-3261
2014-05-26 00:25:32
openvas
openvas
securityvulns
securityvulns
Cisco NX-OS multiple security vulnerabilities
2014-05-30 00:00:00
nessus
nessus
Cisco NX-OS Multiple Vulnerabilities (cisco-sa-20140521-nxos)
2014-05-30 00:00:00
cisco
cisco
Multiple Vulnerabilities in Cisco NX-OS-Based Products
2014-05-21 16:00:00
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.1%
Related for TENABLE_OT_CISCO_CVE-2014-3261.NASL