Cisco NX-OS Software Border Gateway Protocol Denial of Service (CVE-2018-0295)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501319);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2018-0295");

  script_name(english:"Cisco NX-OS Software Border Gateway Protocol Denial of Service (CVE-2018-0295)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the Border Gateway Protocol (BGP) implementation of
Cisco NX-OS Software could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition due to the device
unexpectedly reloading. The vulnerability is due to incomplete input
validation of the BGP update messages. An attacker could exploit this
vulnerability by sending a crafted BGP update message to the targeted
device. An exploit could allow the attacker to cause the switch to
reload unexpectedly. The Cisco implementation of the BGP protocol only
accepts incoming BGP traffic from explicitly defined peers. To exploit
this vulnerability, an attacker must be able to send the malicious
packets over a TCP connection that appears to come from a trusted BGP
peer or inject malformed messages into the victim's BGP network. This
would require obtaining information about the BGP peers in the
affected system's trusted network. The vulnerability may be triggered
when the router receives a malformed BGP message from a peer on an
existing BGP session. At least one BGP neighbor session must be
established for a router to be vulnerable. This vulnerability affects
Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500
Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform
Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches,
Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000
Series Fabric Switches in Application Centric Infrastructure (ACI)
mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500
R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599,
CSCve87784, CSCve91371, CSCve91387.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041169");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eacb926e");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0295");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29i7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:7.3%283%29n1%281%29" :
        {"versionEndExcluding" : "7.3%283%29n1%281%29", "versionStartIncluding" : "6.0", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:8.1%282%29" :
        {"versionEndExcluding" : "8.1%282%29", "versionStartIncluding" : "6.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i3" :
        {"versionEndExcluding" : "7.0%283%29i3", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i7%281%29" :
        {"versionEndExcluding" : "7.0%283%29i7%281%29", "versionStartIncluding" : "7.0%283%29i4", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i4" :
        {"versionEndExcluding" : "7.0%283%29i4", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i6%282%29" :
        {"versionEndExcluding" : "7.0%283%29i6%282%29", "versionStartIncluding" : "7.0%283%29i5", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i7" :
        {"versionEndIncluding" : "7.0%283%29i7", "versionStartIncluding" : "7.0%283%29i7", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0" :
        {"versionEndIncluding" : "7.0", "versionStartIncluding" : "7.0", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);