nessus | This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_CISCO_CVE-2021-1361.NASL
HistoryJul 25, 2023 - 12:00 a.m.

Cisco NX-OS Software Unauthenticated Arbitrary File Actions (CVE-2021-1361)

2023-07-25 00:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration phase: when the scanner loads the plugin with `description`
# set, this block only declares metadata and then exits, so none of the
# detection logic after the block runs in this phase.
if (description)
{
  script_id(501240);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2021-1361");

  script_name(english:"Cisco NX-OS Software Unauthenticated Arbitrary File Actions (CVE-2021-1361)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # Advisory text. The stated root cause is an internal file management
  # service on TCP port 9075 that answers external connections; the stated
  # impact is file create/delete/overwrite with root privileges.
  script_set_attribute(attribute:"description", value:
"A vulnerability in the implementation of an internal file management
service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000
Series Switches in standalone NX-OS mode that are running Cisco NX-OS
Software could allow an unauthenticated, remote attacker to create,
delete, or overwrite arbitrary files with root privileges on the
device. This vulnerability exists because TCP port 9075 is incorrectly
configured to listen and respond to external connection requests. An
attacker could exploit this vulnerability by sending crafted TCP
packets to an IP address that is configured on a local interface on
TCP port 9075. A successful exploit could allow the attacker to
create, delete, or overwrite arbitrary files, including sensitive
files that are related to the device configuration. For example, the
attacker could add a user account without the device administrator
knowing.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # The see_also value is a shortened nessus.org link; the comment below
  # records the Cisco advisory URL, presumably the short link's target.
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2770321c");
  # The plugin carries no fixed-release information of its own; remediation
  # details have to be taken from the vendor advisory.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Base vectors: network-reachable, low complexity, no authentication or
  # user interaction; integrity and availability impact are scored
  # complete (v2) / high (v3), confidentiality is scored none.
  # NOTE(review): the description's example of an added user account
  # implies follow-on access that the C:N score does not capture.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1361");

  # E:U above and this attribute record exploit status as the plugin author
  # saw it (plugin last modified 2023/07/26); re-check before using it to
  # defer patching.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  # CWE-552: Files or Directories Accessible to External Parties.
  script_cwe_id(552);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # %28 and %29 are percent-encoded '(' and ')': the two CPEs name
  # NX-OS 9.3(5) and 9.3(6).
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%285%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%286%29");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Declared as an information-gathering check in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduled after the Tenable.ot API integration plugin and run only when
  # the knowledge base holds "Tenable.ot/Cisco" (presumably set by that
  # dependency -- confirm).
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  # End of the registration phase.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Detection phase. Stop unless the knowledge base holds the
# 'Tenable.ot/Cisco' key, the same key the description block requires.
get_kb_item_or_exit('Tenable.ot/Cisco');

# Fetch the Cisco asset data from Tenable.ot. The shape of the returned
# value is defined by the tenable_ot library and is not visible here.
var asset = tenable_ot::assets::get(vendor:'Cisco');

# Affected releases, keyed by CPE. %28 and %29 are percent-encoded '(' and
# ')', so the entries are NX-OS 9.3(5) and 9.3(6). Each entry has identical
# start and end bounds, i.e. it names one exact version rather than a range.
# Releases outside these two entries are not matched by this table; consult
# the vendor advisory for the full affected list.
var vuln_cpes = {
    "cpe:/o:cisco:nx-os:9.3%285%29" :
        {"versionEndIncluding" : "9.3%285%29", "versionStartIncluding" : "9.3%285%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:9.3%286%29" :
        {"versionEndIncluding" : "9.3%286%29", "versionStartIncluding" : "9.3%286%29", "family" : "NXOS"}
};

# Pass the asset and the table to the shared helper, reporting at
# SECURITY_HOLE severity.
# NOTE(review): nothing in this file connects to TCP port 9075. The result
# appears to rest on the version recorded for the asset, so a finding does
# not show that the port is reachable, and a device with the port filtered
# will presumably still be reported -- confirm against
# tenable_ot::cve::compare_and_report.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| cisco | nx-os | 9.3%285%29 | cpe:/o:cisco:nx-os:9.3%285%29 |
| cisco | nx-os | 9.3%286%29 | cpe:/o:cisco:nx-os:9.3%286%29 |