Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2024-20321.NASLHistoryMar 08, 2024 - 12:00 a.m.
Cisco NX-OS Allocation of Resources Without Limits or Throttling (CVE-2024-20321)
2024-03-0800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
cisco nx-os
ebgp implementation
denial of service
unauthenticated attacker
network traffic mapping
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
17.0%
A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502083);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id("CVE-2024-20321");
script_name(english:"Cisco NX-OS Allocation of Resources Without Limits or Throttling (CVE-2024-20321)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the External Border Gateway Protocol (eBGP)
implementation of Cisco NX-OS Software could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an
affected device. This vulnerability exists because eBGP traffic is
mapped to a shared hardware rate-limiter queue. An attacker could
exploit this vulnerability by sending large amounts of network traffic
with certain characteristics through an affected device. A successful
exploit could allow the attacker to cause eBGP neighbor sessions to be
dropped, leading to a DoS condition in the network.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e3d5bb2");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20321");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400, 770);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/29");
script_set_attribute(attribute:"patch_publication_date", value:"2024/02/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/08");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.1%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.1%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.1%282t%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%281q%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%283t%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%283v%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%284%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%285%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%286%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.3%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.3%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.3%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.3%284a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.3%2899w%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.3%2899x%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.4%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f1%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f2%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f2%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f3%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f3%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f3%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f3%283a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f3%283c%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f3%284%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:7.0%283%29f3%285%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%282t%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%282v%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%284%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%281%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%2810%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%2811%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%2812%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%282%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%283%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%284%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%285%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%286%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%287%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%287a%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%288%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%289%29");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:7.0%283%29f1%281%29" :
{"versionEndIncluding" : "7.0%283%29f1%281%29", "versionStartIncluding" : "7.0%283%29f1%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f2%281%29" :
{"versionEndIncluding" : "7.0%283%29f2%281%29", "versionStartIncluding" : "7.0%283%29f2%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f2%282%29" :
{"versionEndIncluding" : "7.0%283%29f2%282%29", "versionStartIncluding" : "7.0%283%29f2%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f3%281%29" :
{"versionEndIncluding" : "7.0%283%29f3%281%29", "versionStartIncluding" : "7.0%283%29f3%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f3%282%29" :
{"versionEndIncluding" : "7.0%283%29f3%282%29", "versionStartIncluding" : "7.0%283%29f3%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f3%283%29" :
{"versionEndIncluding" : "7.0%283%29f3%283%29", "versionStartIncluding" : "7.0%283%29f3%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f3%283a%29" :
{"versionEndIncluding" : "7.0%283%29f3%283a%29", "versionStartIncluding" : "7.0%283%29f3%283a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f3%283c%29" :
{"versionEndIncluding" : "7.0%283%29f3%283c%29", "versionStartIncluding" : "7.0%283%29f3%283c%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f3%284%29" :
{"versionEndIncluding" : "7.0%283%29f3%284%29", "versionStartIncluding" : "7.0%283%29f3%284%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:7.0%283%29f3%285%29" :
{"versionEndIncluding" : "7.0%283%29f3%285%29", "versionStartIncluding" : "7.0%283%29f3%285%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2%281%29" :
{"versionEndIncluding" : "9.2%281%29", "versionStartIncluding" : "9.2%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2%282%29" :
{"versionEndIncluding" : "9.2%282%29", "versionStartIncluding" : "9.2%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2%282t%29" :
{"versionEndIncluding" : "9.2%282t%29", "versionStartIncluding" : "9.2%282t%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2%282v%29" :
{"versionEndIncluding" : "9.2%282v%29", "versionStartIncluding" : "9.2%282v%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2%283%29" :
{"versionEndIncluding" : "9.2%283%29", "versionStartIncluding" : "9.2%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.2%284%29" :
{"versionEndIncluding" : "9.2%284%29", "versionStartIncluding" : "9.2%284%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%281%29" :
{"versionEndIncluding" : "9.3%281%29", "versionStartIncluding" : "9.3%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%282%29" :
{"versionEndIncluding" : "9.3%282%29", "versionStartIncluding" : "9.3%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%283%29" :
{"versionEndIncluding" : "9.3%283%29", "versionStartIncluding" : "9.3%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%284%29" :
{"versionEndIncluding" : "9.3%284%29", "versionStartIncluding" : "9.3%284%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%285%29" :
{"versionEndIncluding" : "9.3%285%29", "versionStartIncluding" : "9.3%285%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%286%29" :
{"versionEndIncluding" : "9.3%286%29", "versionStartIncluding" : "9.3%286%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%287%29" :
{"versionEndIncluding" : "9.3%287%29", "versionStartIncluding" : "9.3%287%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%287a%29" :
{"versionEndIncluding" : "9.3%287a%29", "versionStartIncluding" : "9.3%287a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%288%29" :
{"versionEndIncluding" : "9.3%288%29", "versionStartIncluding" : "9.3%288%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%289%29" :
{"versionEndIncluding" : "9.3%289%29", "versionStartIncluding" : "9.3%289%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%2810%29" :
{"versionEndIncluding" : "9.3%2810%29", "versionStartIncluding" : "9.3%2810%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%2811%29" :
{"versionEndIncluding" : "9.3%2811%29", "versionStartIncluding" : "9.3%2811%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:9.3%2812%29" :
{"versionEndIncluding" : "9.3%2812%29", "versionStartIncluding" : "9.3%2812%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.1%281%29" :
{"versionEndIncluding" : "10.1%281%29", "versionStartIncluding" : "10.1%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.1%282%29" :
{"versionEndIncluding" : "10.1%282%29", "versionStartIncluding" : "10.1%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.1%282t%29" :
{"versionEndIncluding" : "10.1%282t%29", "versionStartIncluding" : "10.1%282t%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%281%29" :
{"versionEndIncluding" : "10.2%281%29", "versionStartIncluding" : "10.2%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%281q%29" :
{"versionEndIncluding" : "10.2%281q%29", "versionStartIncluding" : "10.2%281q%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%282%29" :
{"versionEndIncluding" : "10.2%282%29", "versionStartIncluding" : "10.2%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%283%29" :
{"versionEndIncluding" : "10.2%283%29", "versionStartIncluding" : "10.2%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%283t%29" :
{"versionEndIncluding" : "10.2%283t%29", "versionStartIncluding" : "10.2%283t%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%283v%29" :
{"versionEndIncluding" : "10.2%283v%29", "versionStartIncluding" : "10.2%283v%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%284%29" :
{"versionEndIncluding" : "10.2%284%29", "versionStartIncluding" : "10.2%284%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%285%29" :
{"versionEndIncluding" : "10.2%285%29", "versionStartIncluding" : "10.2%285%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%286%29" :
{"versionEndIncluding" : "10.2%286%29", "versionStartIncluding" : "10.2%286%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.3%281%29" :
{"versionEndIncluding" : "10.3%281%29", "versionStartIncluding" : "10.3%281%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.3%282%29" :
{"versionEndIncluding" : "10.3%282%29", "versionStartIncluding" : "10.3%282%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.3%283%29" :
{"versionEndIncluding" : "10.3%283%29", "versionStartIncluding" : "10.3%283%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.3%284a%29" :
{"versionEndIncluding" : "10.3%284a%29", "versionStartIncluding" : "10.3%284a%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.3%2899w%29" :
{"versionEndIncluding" : "10.3%2899w%29", "versionStartIncluding" : "10.3%2899w%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.3%2899x%29" :
{"versionEndIncluding" : "10.3%2899x%29", "versionStartIncluding" : "10.3%2899x%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.4%281%29" :
{"versionEndIncluding" : "10.4%281%29", "versionStartIncluding" : "10.4%281%29", "family" : "NXOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Related
cvelist
cvelist
CVE-2024-20321
2024-02-28 16:14:28
cisco
cisco
vulnrichment
vulnrichment
CVE-2024-20321
2024-02-28 16:14:28
prion
prion
Design/Logic Flaw
2024-02-29 01:43:00
nvd
nvd
CVE-2024-20321
2024-02-29 01:43:59
cve
cve
CVE-2024-20321
2024-02-29 01:43:59
nessus
nessus
Cisco Nexus 3600 External BGP DoS (cisco-sa-nxos-po-acl-TkyePgvL)
2024-03-01 00:00:00
CVSS3
8.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
7.3
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for TENABLE_OT_CISCO_CVE-2024-20321.NASL