6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
47.4%
A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode.
Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501381);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");
script_cve_id("CVE-2018-0330");
script_name(english:"Cisco NX-OS Software NX-API Privilege Escalation (CVE-2018-0330)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the NX-API management application programming
interface (API) in devices running, or based on, Cisco NX-OS Software
could allow an authenticated, remote attacker to execute commands with
elevated privileges. The vulnerability is due to a failure to properly
validate certain parameters included within an NX-API request. An
attacker that can successfully authenticate to the NX-API could submit
a request designed to bypass NX-OS role assignment. A successful
exploit could allow the attacker to execute commands with elevated
privileges. This vulnerability affects the following if configured to
use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus
2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform
Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches,
Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700
Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode.
Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041169");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ca36efb9");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0330");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(78);
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.2");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:6.0" :
{"versionEndIncluding" : "6.0", "versionStartIncluding" : "6.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0" :
{"versionEndIncluding" : "7.0", "versionStartIncluding" : "7.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.1" :
{"versionEndIncluding" : "7.1", "versionStartIncluding" : "7.1", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.2" :
{"versionEndIncluding" : "7.2", "versionStartIncluding" : "7.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.3%283%29n1%281%29" :
{"versionEndExcluding" : "7.3%283%29n1%281%29", "versionStartIncluding" : "6.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:6.2" :
{"versionEndIncluding" : "6.2", "versionStartIncluding" : "6.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.3.2d1" :
{"versionEndExcluding" : "7.3.2d1", "versionStartIncluding" : "7.3", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.0" :
{"versionEndIncluding" : "8.0", "versionStartIncluding" : "8.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1.2" :
{"versionEndExcluding" : "8.1.2", "versionStartIncluding" : "8.1", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.2" :
{"versionEndIncluding" : "8.2", "versionStartIncluding" : "8.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i3" :
{"versionEndExcluding" : "7.0%283%29i3", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i7%281%29" :
{"versionEndExcluding" : "7.0%283%29i7%281%29", "versionStartIncluding" : "7.0%283%29i4", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:5.2" :
{"versionEndIncluding" : "5.2", "versionStartIncluding" : "5.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%281a%29" :
{"versionEndExcluding" : "8.1%281a%29", "versionStartIncluding" : "8.1", "family" : "NXOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx-os | 5.2 | cpe:/o:cisco:nx-os:5.2 |
cisco | nx-os | 6.0 | cpe:/o:cisco:nx-os:6.0 |
cisco | nx-os | 6.2 | cpe:/o:cisco:nx-os:6.2 |
cisco | nx-os | 7 | cpe:/o:cisco:nx-os:7 |
cisco | nx-os | 7.0 | cpe:/o:cisco:nx-os:7.0 |
cisco | nx-os | 7.1 | cpe:/o:cisco:nx-os:7.1 |
cisco | nx-os | 7.2 | cpe:/o:cisco:nx-os:7.2 |
cisco | nx-os | 8 | cpe:/o:cisco:nx-os:8 |
cisco | nx-os | 8.0 | cpe:/o:cisco:nx-os:8.0 |
cisco | nx-os | 8.2 | cpe:/o:cisco:nx-os:8.2 |
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
47.4%