Cisco Unified Computing System Fabric Interconnect root Privilege Escalation (CVE-2019-1966)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501359);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2019-1966");

  script_name(english:"Cisco Unified Computing System Fabric Interconnect root Privilege Escalation (CVE-2019-1966)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in a specific CLI command within the local management
(local-mgmt) context for Cisco UCS Fabric Interconnect Software could
allow an authenticated, local attacker to gain elevated privileges as
the root user on an affected device. The vulnerability is due to
extraneous subcommand options present for a specific CLI command
within the local-mgmt context. An attacker could exploit this
vulnerability by authenticating to an affected device, entering the
local-mgmt context, and issuing a specific CLI command and submitting
user input. A successful exploit could allow the attacker to execute
arbitrary operating system commands as root on an affected device. The
attacker would need to have valid user credentials for the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76654610");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1966");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:4.0");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os" :
        {"versionEndIncluding" : "3.2", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:4.0" :
        {"versionEndIncluding" : "4.0", "versionStartIncluding" : "4.0", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);