Cisco NX-OS Software NX-API Command Injection (CVE-2022-20650)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501279);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2022-20650");

  script_name(english:"Cisco NX-OS Software NX-API Command Injection (CVE-2022-20650)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the NX-API feature of Cisco NX-OS Software could
allow an authenticated, remote attacker to execute arbitrary commands
with root privileges. The vulnerability is due to insufficient input
validation of user supplied data that is sent to the NX-API. An
attacker could exploit this vulnerability by sending a crafted HTTP
POST request to the NX-API of an affected device. A successful exploit
could allow the attacker to execute arbitrary commands with root
privileges on the underlying operating system. Note: The NX-API
feature is disabled by default.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f616679");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20650");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(78);

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%281.72%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.3%288%29n1%280.4%29");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:10.2%281.72%29" :
        {"versionEndIncluding" : "10.2%281.72%29", "versionStartIncluding" : "10.2%281.72%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:7.3%288%29n1%280.4%29" :
        {"versionEndIncluding" : "7.3%288%29n1%280.4%29", "versionStartIncluding" : "7.3%288%29n1%280.4%29", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);