Lucene search

HistoryJul 25, 2023 - 12:00 a.m.

Cisco FXOS and NX-OS Software Secure Configuration Bypass (CVE-2019-1728)

2023-07-2500:00:00

www.tenable.com

cisco

fxos

nx-os

secure configuration bypass

cve-2019-1728

vulnerability

local attacker

arbitrary commands

root privileges

system boot time

lack of validation

administrative credentials

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker could exploit this vulnerability by authenticating to the device and overwriting the persistent configuration storage with malicious executable files. An exploit could allow the attacker to run arbitrary commands at system startup and those commands will run as the root user. The attacker must have valid administrative credentials for the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501246);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2019-1728");

  script_name(english:"Cisco FXOS and NX-OS Software Secure Configuration Bypass (CVE-2019-1728)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the Secure Configuration Validation functionality
of Cisco FXOS Software and Cisco NX-OS Software could allow an
authenticated, local attacker to run arbitrary commands at system boot
time with the privileges of root. The vulnerability is due to a lack
of proper validation of system files when the persistent configuration
information is read from the file system. An attacker could exploit
this vulnerability by authenticating to the device and overwriting the
persistent configuration storage with malicious executable files. An
exploit could allow the attacker to run arbitrary commands at system
startup and those commands will run as the root user. The attacker
must have valid administrative credentials for the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/108391");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-conf-bypass
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a24f9c8");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1728");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(347);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:8.1%281b%29" :
        {"versionEndExcluding" : "8.1%281b%29", "versionStartIncluding" : "8.1", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:6.0%282%29a8%2811%29" :
        {"versionEndExcluding" : "6.0%282%29a8%2811%29", "versionStartIncluding" : "6.0%282%29a8", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i7%283%29" :
        {"versionEndExcluding" : "7.0%283%29i7%283%29", "versionStartIncluding" : "7.0%283%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%284%29n1%281%29" :
        {"versionEndExcluding" : "7.3%284%29n1%281%29", "versionStartIncluding" : "7.3", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:6.2%2822%29" :
        {"versionEndExcluding" : "6.2%2822%29", "versionStartIncluding" : "6.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%283%29d1%281%29" :
        {"versionEndExcluding" : "7.3%283%29d1%281%29", "versionStartIncluding" : "7.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:8.3%281%29" :
        {"versionEndExcluding" : "8.3%281%29", "versionStartIncluding" : "8.0", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:4.0%281a%29" :
        {"versionEndExcluding" : "4.0%281a%29", "versionStartIncluding" : "4.0", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:2.4.1.101" :
        {"versionEndExcluding" : "2.4.1.101", "versionStartIncluding" : "2.4", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

VendorProductVersionCPE
cisconx-os2cpe:/o:cisco:nx-os:2
cisconx-os4cpe:/o:cisco:nx-os:4
cisconx-os6cpe:/o:cisco:nx-os:6
cisconx-os7cpe:/o:cisco:nx-os:7
cisconx-os8cpe:/o:cisco:nx-os:8

Vendor	Product	Version	CPE
cisco	nx-os	2	cpe:/o:cisco:nx-os:2
cisco	nx-os	4	cpe:/o:cisco:nx-os:4
cisco	nx-os	6	cpe:/o:cisco:nx-os:6
cisco	nx-os	7	cpe:/o:cisco:nx-os:7
cisco	nx-os	8	cpe:/o:cisco:nx-os:8

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1728

www.nessus.org/u?1a24f9c8

www.securityfocus.com/bid/108391

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for TENABLE_OT_CISCO_CVE-2019-1728.NASL