This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2018-0331.NASLCisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service (CVE-2018-0331)
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.7%
A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated, adjacent attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly validate certain fields within a Cisco Discovery Protocol message prior to processing it. An attacker with the ability to submit a Cisco Discovery Protocol message designed to trigger the issue could cause a DoS condition on an affected device while the device restarts. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501388);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");
script_cve_id("CVE-2018-0331");
script_name(english:"Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service (CVE-2018-0331)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the Cisco Discovery Protocol (formerly known as
CDP) subsystem of devices running, or based on, Cisco NX-OS Software
contain a vulnerability that could allow an unauthenticated, adjacent
attacker to create a denial of service (DoS) condition. The
vulnerability is due to a failure to properly validate certain fields
within a Cisco Discovery Protocol message prior to processing it. An
attacker with the ability to submit a Cisco Discovery Protocol message
designed to trigger the issue could cause a DoS condition on an
affected device while the device restarts. This vulnerability affects
Firepower 4100 Series Next-Generation Firewall, Firepower 9300
Security Appliance, MDS 9000 Series Multilayer Director Switches,
Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services
Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches,
Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500
Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series
Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches,
Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line
Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS
6200 Series Fabric Interconnects, UCS 6300 Series Fabric
Interconnects. Cisco Bug IDs: CSCvc89242, CSCve40943, CSCve40953,
CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000,
CSCve41007.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?31020d41");
script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id/1041169");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0331");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/21");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.0");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:7.1%285%29n1%281%29" :
{"versionEndExcluding" : "7.1%285%29n1%281%29", "versionStartIncluding" : "7.1", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.3%283%29n1%281%29" :
{"versionEndExcluding" : "7.3%283%29n1%281%29", "versionStartIncluding" : "6.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:6.0" :
{"versionEndIncluding" : "6.0", "versionStartIncluding" : "6.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0" :
{"versionEndIncluding" : "7.0", "versionStartIncluding" : "7.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.2" :
{"versionEndIncluding" : "7.2", "versionStartIncluding" : "7.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:6.2%2820%29" :
{"versionEndExcluding" : "6.2%2820%29", "versionStartIncluding" : "6.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.2%282%29d1%283%29" :
{"versionEndExcluding" : "7.2%282%29d1%283%29", "versionStartIncluding" : "7.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.3%282%29d1%281%29" :
{"versionEndExcluding" : "7.3%282%29d1%281%29", "versionStartIncluding" : "7.3", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%282%29" :
{"versionEndExcluding" : "8.1%282%29", "versionStartIncluding" : "8.1", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.2%281%29" :
{"versionEndExcluding" : "8.2%281%29", "versionStartIncluding" : "8.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.0" :
{"versionEndIncluding" : "8.0", "versionStartIncluding" : "8.0", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i3" :
{"versionEndExcluding" : "7.0%283%29i3", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29i7%281%29" :
{"versionEndExcluding" : "7.0%283%29i7%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:8.1%281a%29" :
{"versionEndExcluding" : "8.1%281a%29", "versionStartIncluding" : "5.2", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:2.2%288g%29" :
{"versionEndExcluding" : "2.2%288g%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:3.1%282f%29" :
{"versionEndExcluding" : "3.1%282f%29", "versionStartIncluding" : "2.5", "family" : "NXOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | nx-os | 2 | cpe:/o:cisco:nx-os:2 |
| cisco | nx-os | 3 | cpe:/o:cisco:nx-os:3 |
| cisco | nx-os | 6 | cpe:/o:cisco:nx-os:6 |
| cisco | nx-os | 6.0 | cpe:/o:cisco:nx-os:6.0 |
| cisco | nx-os | 7 | cpe:/o:cisco:nx-os:7 |
| cisco | nx-os | 7.0 | cpe:/o:cisco:nx-os:7.0 |
| cisco | nx-os | 7.2 | cpe:/o:cisco:nx-os:7.2 |
| cisco | nx-os | 8 | cpe:/o:cisco:nx-os:8 |
| cisco | nx-os | 8.0 | cpe:/o:cisco:nx-os:8.0 |
Related
6.1 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.7%