This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2018-0306.NASLCisco NX-OS Software CLI Arbitrary Command Execution (CVE-2018-0306)
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.2%
A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Note: This vulnerability requires that any feature license is uploaded to the device. The vulnerability does not require that the license be used. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs:
CSCve51693, CSCve91634, CSCve91659, CSCve91663.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501415);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");
script_cve_id("CVE-2018-0306");
script_name(english:"Cisco NX-OS Software CLI Arbitrary Command Execution (CVE-2018-0306)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the CLI parser of Cisco NX-OS Software could allow
an authenticated, local attacker to perform a command-injection attack
on an affected device. The vulnerability is due to insufficient input
validation of command arguments. An attacker could exploit this
vulnerability by injecting malicious command arguments into a
vulnerable CLI command. A successful exploit could allow the attacker
to execute arbitrary commands with root privileges on the affected
device. Note: This vulnerability requires that any feature license is
uploaded to the device. The vulnerability does not require that the
license be used. This vulnerability affects MDS 9000 Series Multilayer
Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud
Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000
Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform
Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches,
Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700
Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode,
Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs:
CSCve51693, CSCve91634, CSCve91659, CSCve91663.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041169");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-execution
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ea7fd148");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0306");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(78);
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/21");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6.0%282%29a8%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.1%280%29bd%280.20%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.1%280.2%29s0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.1%280.59%29s0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.1%281%29");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:7.3%283%29n1%281%29" :
{"versionEndExcluding" : "7.3%283%29n1%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%280.2%29s0" :
{"versionEndIncluding" : "8.1%280.2%29s0", "versionStartIncluding" : "8.1%280.2%29s0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%280%29bd%280.20%29" :
{"versionEndIncluding" : "8.1%280%29bd%280.20%29", "versionStartIncluding" : "8.1%280%29bd%280.20%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%280.59%29s0" :
{"versionEndIncluding" : "8.1%280.59%29s0", "versionStartIncluding" : "8.1%280.59%29s0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%281%29" :
{"versionEndIncluding" : "8.1%281%29", "versionStartIncluding" : "8.1%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:6.0%282%29a8%283%29" :
{"versionEndIncluding" : "6.0%282%29a8%283%29", "versionStartIncluding" : "6.0%282%29a8%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.2%281%29sv3%283.15%29" :
{"versionEndExcluding" : "5.2%281%29sv3%283.15%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%281a%29" :
{"versionEndExcluding" : "8.1%281a%29", "family" : "NXOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.2%