5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
49.3%
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501320);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");
script_cve_id("CVE-2019-1969");
script_name(english:"Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass (CVE-2019-1969)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the implementation of the Simple Network Management
Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS
Software could allow an unauthenticated, remote attacker to perform
SNMP polling of an affected device, even if it is configured to deny
SNMP traffic. The vulnerability is due to an incorrect length check
when the configured ACL name is the maximum length, which is 32 ASCII
characters. An attacker could exploit this vulnerability by performing
SNMP polling of an affected device. A successful exploit could allow
the attacker to perform SNMP polling that should have been denied. The
attacker has no control of the configuration of the SNMP ACL name.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?307f0135");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1969");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/30");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29i7%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%282%29");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:7.0%283%29i7%283%29" :
{"versionEndIncluding" : "7.0%283%29i7%283%29", "versionStartIncluding" : "7.0%283%29i7%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2%282%29" :
{"versionEndIncluding" : "9.2%282%29", "versionStartIncluding" : "9.2%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f" :
{"versionEndIncluding" : "7.0%283%29f", "versionStartIncluding" : "7.0%283%29f", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2" :
{"versionEndIncluding" : "9.2", "versionStartIncluding" : "9.2", "family" : "NXOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx-os | 7.0%283%29f | cpe:/o:cisco:nx-os:7.0%283%29f |
cisco | nx-os | 7.0%283%29i7%283%29 | cpe:/o:cisco:nx-os:7.0%283%29i7%283%29 |
cisco | nx-os | 9.2 | cpe:/o:cisco:nx-os:9.2 |
cisco | nx-os | 9.2%282%29 | cpe:/o:cisco:nx-os:9.2%282%29 |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
49.3%