Lucene search

HistoryJul 25, 2023 - 12:00 a.m.

Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)

2023-07-2500:00:00

www.tenable.com

vulnerability

cli

cisco

fxos

nx-os

command injection

cve-2019-1795

authenticated

local attacker

arbitrary commands

linux operating system

root privilege

validation

exploit

administrator credentials

tenable.ot

scanner

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501406);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/22");

  script_cve_id("CVE-2019-1795");

  script_name(english:"Cisco FXOS and NX-OS Software Command Injection Vulnerability (CVE-2019-1795)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS
Software could allow an authenticated, local attacker to execute
arbitrary commands on the underlying Linux operating system with the
privilege level of root. The vulnerability is due to insufficient
validation of arguments passed to a specific CLI command on the
affected device. An attacker could exploit this vulnerability by
including malicious input as the argument of an affected command. A
successful exploit could allow the attacker to execute arbitrary
commands on the underlying Linux operating system with elevated
privileges. An attacker would need valid administrator credentials to
exploit this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1795
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9ac45f1");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/108479");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1795");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(88);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:8.2%283%29" :
        {"versionEndExcluding" : "8.2%283%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:8.3%281%29" :
        {"versionEndExcluding" : "8.3%281%29", "versionStartIncluding" : "8.3", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29i4%288%29" :
        {"versionEndExcluding" : "7.0%283%29i4%288%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%283%29i7%283%29" :
        {"versionEndExcluding" : "7.3%283%29i7%283%29", "versionStartIncluding" : "7.0%283%29i7", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:6.0%282%29a8%2811%29" :
        {"versionEndExcluding" : "6.0%282%29a8%2811%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.0%283%29f3%285%29" :
        {"versionEndExcluding" : "7.0%283%29f3%285%29", "versionStartIncluding" : "7.0%283%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%284%29n1%281%29" :
        {"versionEndExcluding" : "7.3%284%29n1%281%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:6.2%2822%29" :
        {"versionEndExcluding" : "6.2%2822%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%283%29d1%281%29" :
        {"versionEndExcluding" : "7.3%283%29d1%281%29", "versionStartIncluding" : "7.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:3.2%283a%29" :
        {"versionEndExcluding" : "3.2%283a%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:4.0%281a%29" :
        {"versionEndExcluding" : "4.0%281a%29", "versionStartIncluding" : "4.0", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:5.2%281%29sv3%284.1%29" :
        {"versionEndExcluding" : "5.2%281%29sv3%284.1%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:5.2" :
        {"versionEndExcluding" : "5.2", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);

VendorProductVersionCPE
cisconx-os3cpe:/o:cisco:nx-os:3
cisconx-os4cpe:/o:cisco:nx-os:4
cisconx-os5cpe:/o:cisco:nx-os:5
cisconx-os6cpe:/o:cisco:nx-os:6
cisconx-os7cpe:/o:cisco:nx-os:7
cisconx-os8cpe:/o:cisco:nx-os:8

Vendor	Product	Version	CPE
cisco	nx-os	3	cpe:/o:cisco:nx-os:3
cisco	nx-os	4	cpe:/o:cisco:nx-os:4
cisco	nx-os	5	cpe:/o:cisco:nx-os:5
cisco	nx-os	6	cpe:/o:cisco:nx-os:6
cisco	nx-os	7	cpe:/o:cisco:nx-os:7
cisco	nx-os	8	cpe:/o:cisco:nx-os:8

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1795

www.nessus.org/u?d9ac45f1

www.securityfocus.com/bid/108479

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for TENABLE_OT_CISCO_CVE-2019-1795.NASL