7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
48.2%
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim’s BGP network. This would require obtaining information about the BGP peers in the affected system’s trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501319);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");
script_cve_id("CVE-2018-0295");
script_name(english:"Cisco NX-OS Software Border Gateway Protocol Denial of Service (CVE-2018-0295)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the Border Gateway Protocol (BGP) implementation of
Cisco NX-OS Software could allow an unauthenticated, remote attacker
to cause a denial of service (DoS) condition due to the device
unexpectedly reloading. The vulnerability is due to incomplete input
validation of the BGP update messages. An attacker could exploit this
vulnerability by sending a crafted BGP update message to the targeted
device. An exploit could allow the attacker to cause the switch to
reload unexpectedly. The Cisco implementation of the BGP protocol only
accepts incoming BGP traffic from explicitly defined peers. To exploit
this vulnerability, an attacker must be able to send the malicious
packets over a TCP connection that appears to come from a trusted BGP
peer or inject malformed messages into the victim's BGP network. This
would require obtaining information about the BGP peers in the
affected system's trusted network. The vulnerability may be triggered
when the router receives a malformed BGP message from a peer on an
existing BGP session. At least one BGP neighbor session must be
established for a router to be vulnerable. This vulnerability affects
Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500
Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform
Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches,
Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000
Series Fabric Switches in Application Centric Infrastructure (ACI)
mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500
R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599,
CSCve87784, CSCve91371, CSCve91387.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041169");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eacb926e");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0295");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29i7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:7.3%283%29n1%281%29" :
{"versionEndExcluding" : "7.3%283%29n1%281%29", "versionStartIncluding" : "6.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%282%29" :
{"versionEndExcluding" : "8.1%282%29", "versionStartIncluding" : "6.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i3" :
{"versionEndExcluding" : "7.0%283%29i3", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i7%281%29" :
{"versionEndExcluding" : "7.0%283%29i7%281%29", "versionStartIncluding" : "7.0%283%29i4", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i4" :
{"versionEndExcluding" : "7.0%283%29i4", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i6%282%29" :
{"versionEndExcluding" : "7.0%283%29i6%282%29", "versionStartIncluding" : "7.0%283%29i5", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i7" :
{"versionEndIncluding" : "7.0%283%29i7", "versionStartIncluding" : "7.0%283%29i7", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0" :
{"versionEndIncluding" : "7.0", "versionStartIncluding" : "7.0", "family" : "NXOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
48.2%