Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service (CVE-2023-20168)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501657);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/22");

  script_cve_id("CVE-2023-20168");

  script_name(english:"Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service (CVE-2023-20168)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in TACACS+ and RADIUS remote authentication for Cisco
NX-OS Software could allow an unauthenticated, local attacker to cause
an affected device to unexpectedly reload. This vulnerability is due
to incorrect input validation when processing an authentication
attempt if the directed request option is enabled for TACACS+ or
RADIUS. An attacker could exploit this vulnerability by entering a
crafted string at the login prompt of an affected device. A successful
exploit could allow the attacker to cause the affected device to
unexpectedly reload, resulting in a denial of service (DoS) condition.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?da4d94d6");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20168");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%285%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%2811%29");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:9.3%2811%29" :
        {"versionEndExcluding" : "9.3%2811%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:10.2%285%29" :
        {"versionEndExcluding" : "10.2%285%29", "versionStartIncluding" : "10.1%281%29", "family" : "NXOS"},
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);