Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501350);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/22");

  script_cve_id("CVE-2019-1784");

  script_name(english:"Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the CLI of Cisco NX-OS Software could allow an
authenticated, local attacker to execute arbitrary commands on the
underlying Linux operating system with the privilege level of root.
The vulnerability is due to insufficient validation of arguments
passed to a specific CLI command on the affected device. An attacker
could exploit this vulnerability by including malicious input as the
argument of an affected command. A successful exploit could allow the
attacker to execute arbitrary commands on the underlying Linux
operating system with elevated privileges. An attacker would need
valid administrator credentials to exploit this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/108369");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmd-inject-1784
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7eb8d386");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1784");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(88);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:7.3%285%29n1%281%29" :
        {"versionEndExcluding" : "7.3%285%29n1%281%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%283%29d1%281%29" :
        {"versionEndExcluding" : "7.3%283%29d1%281%29", "versionStartIncluding" : "7.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:8.2%283%29" :
        {"versionEndExcluding" : "8.2%283%29", "versionStartIncluding" : "8.0", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:8.3%281%29" :
        {"versionEndExcluding" : "8.3%281%29", "versionStartIncluding" : "8.3", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:4.0%281a%29" :
        {"versionEndExcluding" : "4.0%281a%29", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);