nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2019-1600.NASL
HistoryJul 25, 2023 - 12:00 a.m.

Cisco FXOS and NX-OS Software Unauthorized Directory Access (CVE-2019-1600)

2023-07-25 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
cisco fxos
nx-os
unauthorized directory access
cve-2019-1600
file system permissions
firepower
mds 9000
nexus 3000
nexus 3500
nexus 3600
nexus 2000
nexus 5500
nexus 5600
nexus 6000
nexus 7000
nexus 7700
nexus 9000
nexus 9500
tenable.ot

A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Metadata registration block: runs only when `description` is set, declares
# the plugin's identity, references, scoring and prerequisites, then exits
# before any of the check logic further down the file.
if (description)
{
  script_id(501366);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2019-1600");

  script_name(english:"Cisco FXOS and NX-OS Software Unauthorized Directory Access (CVE-2019-1600)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # The description lists the first fixed release per hardware series; these
  # are the same release strings the check logic uses as upper bounds.
  script_set_attribute(attribute:"description", value:
"A vulnerability in the file system permissions of Cisco FXOS Software
and Cisco NX-OS Software could allow an authenticated, local attacker
to access sensitive information that is stored in the file system of
an affected system. The vulnerability is due to improper
implementation of file system permissions. An attacker could exploit
this vulnerability by accessing and modifying restricted files. A
successful exploit could allow the attacker to access sensitive and
critical files. Firepower 4100 Series Next-Generation Firewalls are
affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300
Series Next-Generation Firewalls are affected in versions prior to
2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are
affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000
Series Switches are affected in versions prior to 7.0(3)I4(9) and
7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions
prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches
are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600,
and 6000 Series Switches are affected in versions prior to
7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are
affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). Nexus
9000 Series Switches-Standalone are affected in versions prior to
7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric
Modules are affected in versions prior to 7.0(3)F3(5).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References. The first see_also is a shortened link; the comment directly
  # below records the vendor advisory it is meant to point at.
  # NOTE(review): all three references use plain http:// and two are
  # SecurityFocus BID pages - verify they still resolve.
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?afced2af");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/107404");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/107399");
  # The solution text names no release; the fixed releases per platform are
  # only given in the description attribute above.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Scoring: local attack vector and confidentiality-only impact in both
  # CVSS versions, with the score source declared as the CVE record.
  # NOTE(review): the v2 vector carries Au:N while the description says
  # "authenticated" and the v3 vector carries PR:H; the description also
  # mentions modifying files while both vectors set I:N - confirm against
  # the score source rather than editing here.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1600");

  # Exploit availability is declared as true, consistent with the E:F
  # (functional exploit) component of both temporal vectors above.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # CWE-732: Incorrect Permission Assignment for Critical Resource.
  script_cwe_id(732);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Only NX-OS major versions 6, 7 and 8 are registered as CPEs. The
  # description also names FXOS on Firepower 4100/9300, for which no CPE is
  # registered in this block.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # ACT_GATHER_INFO is the information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the Tenable.ot API integration plugin must have run and
  # the 'Tenable.ot/Cisco' knowledge-base key must be set.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Check logic: compares the Cisco asset data supplied by Tenable.ot against a
# table of vulnerable NX-OS version ranges and reports a finding on a match.

# Stop here unless the 'Tenable.ot/Cisco' knowledge-base key is present.
get_kb_item_or_exit('Tenable.ot/Cisco');

# Fetch the asset record for vendor 'Cisco'.
# NOTE(review): the shape of the returned value is defined in
# tenable_ot_cve_funcs.inc / the Tenable.ot integration, not visible here.
var asset = tenable_ot::assets::get(vendor:'Cisco');

# Vulnerable ranges, keyed by CPE string. Parentheses in NX-OS release names
# are percent-encoded (%28 is '(' and %29 is ')'), so "7.0%283%29i7%284%29"
# is release 7.0(3)I7(4). Each entry holds:
#   versionEndExcluding   - the first fixed release (exclusive upper bound);
#                           these match the fixed releases in the description
#   versionStartIncluding - optional inclusive lower bound
#   family                - "NXOS" for every entry
#
# Points for a reviewer to confirm against the vendor advisory and the helper:
# - NOTE(review): no entry carries a hardware model, while the description
#   ties each fixed release to a specific series (e.g. 6.2(22) for Nexus
#   7000/7700 versus 6.2(25) for MDS 9000). If matching is by version alone,
#   a release already fixed on one platform may still fall inside another
#   platform's range - confirm how compare_and_report resolves overlaps.
# - NOTE(review): every entry is family "NXOS" and there is no entry for the
#   FXOS fixed releases 2.2.2.91 / 2.3.1.110 named in the description, so
#   Firepower 4100/9300 coverage does not appear to come from this table.
# - NOTE(review): the lower bound "5.2." ends with a dot, unlike the other
#   bounds - confirm this is intentional.
# - Entries without versionStartIncluding have no lower bound in this table.
var vuln_cpes = {
    "cpe:/o:cisco:nx-os:8.3%281%29" :
        {"versionEndExcluding" : "8.3%281%29", "versionStartIncluding" : "8.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i7%284%29" :
        {"versionEndExcluding" : "7.0%283%29i7%284%29", "versionStartIncluding" : "7.0%283%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29f3%285%29" :
        {"versionEndExcluding" : "7.0%283%29f3%285%29", "versionStartIncluding" : "7.0%283%29f1", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%283%29n1%281%29" :
        {"versionEndExcluding" : "7.3%283%29n1%281%29", "versionStartIncluding" : "7.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:8.2%283%29" :
        {"versionEndExcluding" : "8.2%283%29", "versionStartIncluding" : "8.0", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:8.1%281b%29" :
        {"versionEndExcluding" : "8.1%281b%29", "versionStartIncluding" : "7.3", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:6.2%2825%29" :
        {"versionEndExcluding" : "6.2%2825%29", "versionStartIncluding" : "5.2.", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i4%289%29" :
        {"versionEndExcluding" : "7.0%283%29i4%289%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:6.0%282%29a8%2810%29" :
        {"versionEndExcluding" : "6.0%282%29a8%2810%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.1%285%29n1%281b%29" :
        {"versionEndExcluding" : "7.1%285%29n1%281b%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%283%29d1%281%29" :
        {"versionEndExcluding" : "7.3%283%29d1%281%29", "versionStartIncluding" : "7.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:6.2%2822%29" :
        {"versionEndExcluding" : "6.2%2822%29", "family" : "NXOS"}
};

# Hand the asset and the range table to the shared comparison helper, which
# is passed SECURITY_NOTE as the reporting severity.
# NOTE(review): confirm SECURITY_NOTE is the intended level for this finding
# given the CVSS vectors and exploit_available:"true" in the metadata block.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_NOTE);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| cisco | nx-os | 7 | cpe:/o:cisco:nx-os:7 |
| cisco | nx-os | 6 | cpe:/o:cisco:nx-os:6 |
| cisco | nx-os | 8 | cpe:/o:cisco:nx-os:8 |