New Flaws Discovered in Cisco's Network Operating System for Switches

2022-02-25T05:06:00

Description

[![Cisco Network Operating System for Switches](https://thehackernews.com/new-images/img/a/AVvXsEh3DWs217mMaBY2vY6wIs-0wnyYIgvuxtoBHk4tL_cKviCNlCZMxk9yLH4DmyfdtMMF8gc4YzTOnfzFPEbdLZHrToYmlngV3xaZsEpRKCKa_stTCJZsZ0AIo4iS_MXsgCUKiaIlVyZEOyGRzc9y5rBKzclM-sGm4NJI21MLYnKPEHmyr71xbF9h6zb8=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEh3DWs217mMaBY2vY6wIs-0wnyYIgvuxtoBHk4tL_cKviCNlCZMxk9yLH4DmyfdtMMF8gc4YzTOnfzFPEbdLZHrToYmlngV3xaZsEpRKCKa_stTCJZsZ0AIo4iS_MXsgCUKiaIlVyZEOyGRzc9y5rBKzclM-sGm4NJI21MLYnKPEHmyr71xbF9h6zb8>) Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is [CVE-2022-20650](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2>) (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data. "An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device," Cisco said. "A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system." The flaw impacts Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode running Cisco NX-OS Software that have the NX-API feature enabled. Also patched are two high-severity denial-of-service (DoS) bugs in NX-OS – [CVE-2022-20624](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr>) and [CVE-2022-20623](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn>) (CVSS scores: 8.6) – found in the Cisco Fabric Services Over IP ([CFSoIP](<https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/vxlan/93x/b-cisco-nexus-3000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-3000-series-nx-os-vxlan-configuration-guide-93x_chapter_0110.html>)) and Bidirectional Forwarding Detection ([BFD](<https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html>)) traffic functions. CVE-2022-20624, which was reported to Cisco by the U.S. National Security Agency (NSA), impacts Nexus 3000 and 9000 Series Switches and UCS 6400 Series Fabric Interconnects, assuming CFSoIP is enabled. CVE-2022-20623, on the other hand, only affects Nexus 9000 Series Switches that have BFD toggled on. Lastly, the networking equipment maker also patched a third DoS vulnerability ([CVE-2022-20625](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG>), CVSS score: 4.3) in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software, which could "allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition." Cisco said that it's not aware of "any public announcements or malicious use" of the aforementioned vulnerabilities. That said, it's recommended that users move quickly to apply the necessary updates to prevent potential real-world exploitation. Found this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter __](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.

{"id": "THN:762233030CBE47FB7592952376BBD5A8", "vendorId": null, "type": "thn", "bulletinFamily": "info", "title": "New Flaws Discovered in Cisco's Network Operating System for Switches", "description": "[![Cisco Network Operating System for Switches](https://thehackernews.com/new-images/img/a/AVvXsEh3DWs217mMaBY2vY6wIs-0wnyYIgvuxtoBHk4tL_cKviCNlCZMxk9yLH4DmyfdtMMF8gc4YzTOnfzFPEbdLZHrToYmlngV3xaZsEpRKCKa_stTCJZsZ0AIo4iS_MXsgCUKiaIlVyZEOyGRzc9y5rBKzclM-sGm4NJI21MLYnKPEHmyr71xbF9h6zb8=s728-e1000)](<https://thehackernews.com/new-images/img/a/AVvXsEh3DWs217mMaBY2vY6wIs-0wnyYIgvuxtoBHk4tL_cKviCNlCZMxk9yLH4DmyfdtMMF8gc4YzTOnfzFPEbdLZHrToYmlngV3xaZsEpRKCKa_stTCJZsZ0AIo4iS_MXsgCUKiaIlVyZEOyGRzc9y5rBKzclM-sGm4NJI21MLYnKPEHmyr71xbF9h6zb8>)\n\nCisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems.\n\nThe most critical of the flaws is [CVE-2022-20650](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2>) (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data.\n\n\"An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device,\" Cisco said. \"A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.\"\n\nThe flaw impacts Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, and Nexus 9000 Series Switches in standalone NX-OS mode running Cisco NX-OS Software that have the NX-API feature enabled.\n\nAlso patched are two high-severity denial-of-service (DoS) bugs in NX-OS \u2013 [CVE-2022-20624](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr>) and [CVE-2022-20623](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn>) (CVSS scores: 8.6) \u2013 found in the Cisco Fabric Services Over IP ([CFSoIP](<https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/vxlan/93x/b-cisco-nexus-3000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-3000-series-nx-os-vxlan-configuration-guide-93x_chapter_0110.html>)) and Bidirectional Forwarding Detection ([BFD](<https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html>)) traffic functions.\n\nCVE-2022-20624, which was reported to Cisco by the U.S. National Security Agency (NSA), impacts Nexus 3000 and 9000 Series Switches and UCS 6400 Series Fabric Interconnects, assuming CFSoIP is enabled. CVE-2022-20623, on the other hand, only affects Nexus 9000 Series Switches that have BFD toggled on.\n\nLastly, the networking equipment maker also patched a third DoS vulnerability ([CVE-2022-20625](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG>), CVSS score: 4.3) in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software, which could \"allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition.\"\n\nCisco said that it's not aware of \"any public announcements or malicious use\" of the aforementioned vulnerabilities. That said, it's recommended that users move quickly to apply the necessary updates to prevent potential real-world exploitation.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2022-02-25T05:06:00", "modified": "2022-02-25T05:06:48", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.0}, "severity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://thehackernews.com/2022/02/new-flaws-discovered-in-ciscos-network.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2022-20623", "CVE-2022-20624", "CVE-2022-20625", "CVE-2022-20650"], "immutableFields": [], "lastseen": "2022-05-09T12:37:31", "viewCount": 155, "enchantments": {"backreferences": {"references": [{"type": "cisco", "idList": ["CISCO-SA-CDP-DOS-G8DPLWYG", "CISCO-SA-CFSOIP-DOS-TPYKYDR", "CISCO-SA-NXOS-BFD-DOS-WGQXRZXN", "CISCO-SA-NXOS-NXAPI-CMDINJECT-ULUKNMZ2"]}, {"type": "cve", "idList": ["CVE-2022-20623", "CVE-2022-20624", "CVE-2022-20625", "CVE-2022-20650"]}, {"type": "nessus", "idList": ["CISCO-SA-NXOS-NXAPI-CMDINJECT-ULUKNMZ2.NASL"]}]}, "dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-CDP-DOS-G8DPLWYG", "CISCO-SA-CFSOIP-DOS-TPYKYDR", "CISCO-SA-NXOS-BFD-DOS-WGQXRZXN", "CISCO-SA-NXOS-NXAPI-CMDINJECT-ULUKNMZ2"]}, {"type": "cve", "idList": ["CVE-2022-20623", "CVE-2022-20624", "CVE-2022-20625", "CVE-2022-20650"]}, {"type": "nessus", "idList": ["CISCO-SA-CFSOIP-DOS-TPYKYDR.NASL", "CISCO-SA-NXOS-BFD-DOS-WGQXRZXN.NASL", "CISCO-SA-NXOS-NXAPI-CMDINJECT-ULUKNMZ2.NASL"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-20623", "epss": "0.000690000", "percentile": "0.281780000", "modified": "2023-03-18"}, {"cve": "CVE-2022-20624", "epss": "0.000830000", "percentile": "0.336550000", "modified": "2023-03-18"}, {"cve": "CVE-2022-20625", "epss": "0.000440000", "percentile": "0.105070000", "modified": "2023-03-18"}, {"cve": "CVE-2022-20650", "epss": "0.000900000", "percentile": "0.368050000", "modified": "2023-03-18"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1659964613, "score": 1659964867, "epss": 1679179052}, "_internal": {"score_hash": "98f4c05fb35fc3537c863632a79670a6"}}

{"cve": [{"lastseen": "2023-02-09T14:04:39", "description": "A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-23T18:15:00", "type": "cve", "title": "CVE-2022-20624", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20624"], "modified": "2022-03-07T15:08:00", "cpe": ["cpe:/o:cisco:nx-os:9.2\\(3\\)", "cpe:/o:cisco:nx-os:9.3\\(5\\)", "cpe:/o:cisco:nx-os:7.0\\(3\\)", "cpe:/o:cisco:nx-os:9.2\\(2\\)", "cpe:/o:cisco:nx-os:4.1\\(1a\\)a", "cpe:/o:cisco:nx-os:9.3\\(3\\)"], "id": "CVE-2022-20624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20624", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:cisco:nx-os:4.1\\(1a\\)a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.2\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(5\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.0\\(3\\):*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:04:40", "description": "A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-02-23T18:15:00", "type": "cve", "title": "CVE-2022-20625", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.1, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20625"], "modified": "2022-10-07T03:04:00", "cpe": ["cpe:/o:cisco:nx-os:4.1\\(3f\\)c", "cpe:/o:cisco:nx-os:8.2\\(7.34\\)", "cpe:/o:cisco:nx-os:9.3\\(8.15\\)", "cpe:/o:cisco:nx-os:5.2\\(1\\)sv5\\(1.3b\\)", "cpe:/o:cisco:nx-os:4.0\\(1a\\)a"], "id": "CVE-2022-20625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20625", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:cisco:nx-os:4.0\\(1a\\)a:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:4.1\\(3f\\)c:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:8.2\\(7.34\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:5.2\\(1\\)sv5\\(1.3b\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(8.15\\):*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:04:39", "description": "A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-23T18:15:00", "type": "cve", "title": "CVE-2022-20623", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20623"], "modified": "2022-03-02T15:37:00", "cpe": ["cpe:/o:cisco:nx-os:10.2\\(1\\)", "cpe:/o:cisco:nx-os:7.0\\(3\\)i7\\(3\\)", "cpe:/o:cisco:nx-os:9.3\\(8\\)"], "id": "CVE-2022-20623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20623", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7\\(3\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:9.3\\(8\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:10.2\\(1\\):*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:04:43", "description": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-23T18:15:00", "type": "cve", "title": "CVE-2022-20650", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20650"], "modified": "2022-03-08T16:04:00", "cpe": ["cpe:/o:cisco:nx-os:7.3\\(8\\)n1\\(0.4\\)", "cpe:/o:cisco:nx-os:10.2\\(1.72\\)"], "id": "CVE-2022-20650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20650", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:nx-os:10.2\\(1.72\\):*:*:*:*:*:*:*", "cpe:2.3:o:cisco:nx-os:7.3\\(8\\)n1\\(0.4\\):*:*:*:*:*:*:*"]}], "cisco": [{"lastseen": "2022-12-17T06:19:30", "description": "A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\nThis vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr\"]\n\nThis advisory is part of the February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74834\"].", "cvss3": {}, "published": "2022-02-23T16:00:00", "type": "cisco", "title": "Cisco NX-OS Software Cisco Fabric Services Over IP Denial of Service Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-20624"], "modified": "2022-02-23T16:00:00", "id": "CISCO-SA-CFSOIP-DOS-TPYKYDR", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr", "cvss": {"score": 8.6, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}}, {"lastseen": "2023-01-24T06:14:56", "description": "A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition.\n\nThis vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG\"]\n\nThis advisory is part of the February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74834\"].", "cvss3": {}, "published": "2022-02-23T16:00:00", "type": "cisco", "title": "Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-20625"], "modified": "2022-03-01T17:35:44", "id": "CISCO-SA-CDP-DOS-G8DPLWYG", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-dos-G8DPLWYG", "cvss": {"score": 4.3, "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}, {"lastseen": "2022-12-17T06:19:22", "description": "A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device.\n\nThis vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn\"]\n\nThis advisory is part of the February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74834\"].", "cvss3": {}, "published": "2022-02-23T16:00:00", "type": "cisco", "title": "Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-20623"], "modified": "2022-03-23T15:41:48", "id": "CISCO-SA-NXOS-BFD-DOS-WGQXRZXN", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn", "cvss": {"score": 8.6, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}}, {"lastseen": "2022-12-17T06:19:27", "description": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges.\n\nThe vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.\n\nNote: The NX-API feature is disabled by default.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2 [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2\"]\n\nThis advisory is part of the February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74834\"].", "cvss3": {}, "published": "2022-02-23T16:00:00", "type": "cisco", "title": "Cisco NX-OS Software NX-API Command Injection Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-20650"], "modified": "2022-02-23T16:00:00", "id": "CISCO-SA-NXOS-NXAPI-CMDINJECT-ULUKNMZ2", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2", "cvss": {"score": 8.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "nessus": [{"lastseen": "2023-01-10T19:17:07", "description": "According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Cisco Fabric Services over IP component which could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets.\nAn attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-03T00:00:00", "type": "nessus", "title": "Cisco NX-OS Software Cisco Fabric Services Over IP DoS (cisco-sa-cfsoip-dos-tpykyDr)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20624"], "modified": "2022-03-08T00:00:00", "cpe": ["cpe:/o:cisco:nx-os"], "id": "CISCO-SA-CFSOIP-DOS-TPYKYDR.NASL", "href": "https://www.tenable.com/plugins/nessus/158563", "sourceData": "#TRUSTED 7177dc1e49568852839430a8bc305a02256217d068e3f5136a8416fac18b53646d00d3460b033fd739e9da335044f599e4dae0f78b601b1d91ee56a96df7c79c4ff75bad09ec4b577f37c03b340fb677186e22be71866c745cfaeaec4560fd048ee7a662f210fa2ce5b51b88847af3edd61d8d1d609bf4ed81c1cc53ba66890d72c0691aedafc26042ee1611ac096a4905665076a661849d1047df9fe9a33438f2f893ba43c4d930a31e7f6c346bb29c3a34d2717c4a1f6149c833bc414ecdf70095432f358d005cda065190914dc69b16ccd8ddbeb4c3ebb9f1896598f2441f760facac52be5e3591564eb0061a31b7571afc793c012db3890296ad4fb4b96bd91a6e3f11fe782fe6e7e1863ac2607a10608d3de805d68921c39fc63a0de4b9749c7e0c4a6e7cb0cf9418ad6bbbc1cffba2183f2737bd1c94a51d701efe802bf23d110e592e2a77533ffc67fcd8b87c8a3b11a40bb0ec9a8804a007fd1f82ce808fdd4572ab43bfa1bc78781a25a611e19f4373255e656dcf74171d8244dd7d0fe2def661c06b2f79222da29b08d4c303b555b846f60f2019b6a1ac9cfc12bb973ba5debc43ce3f31b8784a8564e473d7b322dca8bb696e095a003f52a26d2e2d2fedb2207a5ad5232fbce6b5401e8d98080a3408dc878b6756b04f86af94916f90de9263333c0e3910d283203ec0939b9e2fc7ae45b81258b1234ce9d5db6c\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158563);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\"CVE-2022-20624\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvy95696\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvy95840\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-cfsoip-dos-tpykyDr\");\n script_xref(name:\"IAVA\", value:\"2022-A-0095\");\n\n script_name(english:\"Cisco NX-OS Software Cisco Fabric Services Over IP DoS (cisco-sa-cfsoip-dos-tpykyDr)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Cisco Fabric\nServices over IP component which could allow an unauthenticated, remote attacker to cause a denial of service\ncondition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets.\nAn attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful\nexploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ca8da000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy95696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy95840\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvy95696, CSCvy95840\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20624\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:nx-os\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_nxos_version.nasl\", \"cisco_enum_smu.nasl\");\n script_require_keys(\"Host/Cisco/NX-OS/Version\", \"Host/Cisco/NX-OS/Model\", \"Host/Cisco/NX-OS/Device\");\n\n exit(0);\n}\n\ninclude('cisco_workarounds.inc');\ninclude('ccf.inc');\n\nvar product_info = cisco::get_product_info(name:'Cisco NX-OS Software');\n\nvar smus = make_array();\nvar version_list, vuln_ranges;\nvar cbi;\n\nif ('Nexus' >< product_info.device)\n{\n cbi = 'CSCvy95696';\n if (product_info.model =~ \"(^|[^0-9])3[0-9]{3,}\" || product_info.model =~ \"(^|[^0-9])9[0-9]{3,}\")\n {\n smus['7.0(3)I7(10)'] = 'CSCvy95696';\n smus['9.3(8)'] = 'CSCvy95696';\n }\n else\n {\n audit(AUDIT_HOST_NOT, 'affected');\n }\n version_list = [];\n\n if (product_info.model =~ \"(^|[^0-9])3[0-9]{2,3}\")\n {\n version_list = make_list(\n '5.0(3)A1(1)',\n '5.0(3)A1(2)',\n '5.0(3)A1(2a)',\n '5.0(3)U1(1)',\n '5.0(3)U1(1a)',\n '5.0(3)U1(1b)',\n '5.0(3)U1(1d)',\n '5.0(3)U1(2)',\n '5.0(3)U1(2a)',\n '5.0(3)U1(1c)',\n '5.0(3)U2(1)',\n '5.0(3)U2(2)',\n '5.0(3)U2(2a)',\n '5.0(3)U2(2b)',\n '5.0(3)U2(2c)',\n '5.0(3)U2(2d)',\n '5.0(3)U3(1)',\n '5.0(3)U3(2)',\n '5.0(3)U3(2a)',\n '5.0(3)U3(2b)',\n '5.0(3)U4(1)',\n '5.0(3)U5(1)',\n '5.0(3)U5(1a)',\n '5.0(3)U5(1b)',\n '5.0(3)U5(1c)',\n '5.0(3)U5(1d)',\n '5.0(3)U5(1e)',\n '5.0(3)U5(1f)',\n '5.0(3)U5(1g)',\n '5.0(3)U5(1h)',\n '5.0(3)U5(1i)',\n '5.0(3)U5(1j)',\n '6.0(2)A1(1)',\n '6.0(2)A1(1a)',\n '6.0(2)A1(1b)',\n '6.0(2)A1(1c)',\n '6.0(2)A1(1d)',\n '6.0(2)A1(1e)',\n '6.0(2)A1(1f)',\n '6.0(2)A1(2d)',\n '6.0(2)A3(1)',\n '6.0(2)A3(2)',\n '6.0(2)A3(4)',\n '6.0(2)A4(1)',\n '6.0(2)A4(2)',\n '6.0(2)A4(3)',\n '6.0(2)A4(4)',\n '6.0(2)A4(5)',\n '6.0(2)A4(6)',\n '6.0(2)A6(1)',\n '6.0(2)A6(1a)',\n '6.0(2)A6(2)',\n '6.0(2)A6(2a)',\n '6.0(2)A6(3)',\n '6.0(2)A6(3a)',\n '6.0(2)A6(4)',\n '6.0(2)A6(4a)',\n '6.0(2)A6(5)',\n '6.0(2)A6(5a)',\n '6.0(2)A6(5b)',\n '6.0(2)A6(6)',\n '6.0(2)A6(7)',\n '6.0(2)A6(8)',\n '6.0(2)A7(1)',\n '6.0(2)A7(1a)',\n '6.0(2)A7(2)',\n '6.0(2)A7(2a)',\n '6.0(2)A8(1)',\n '6.0(2)A8(2)',\n '6.0(2)A8(3)',\n '6.0(2)A8(4)',\n '6.0(2)A8(4a)',\n '6.0(2)A8(5)',\n '6.0(2)A8(6)',\n '6.0(2)A8(7)',\n '6.0(2)A8(7a)',\n '6.0(2)A8(7b)',\n '6.0(2)A8(8)',\n '6.0(2)A8(9)',\n '6.0(2)A8(10a)',\n '6.0(2)A8(10)',\n '6.0(2)A8(11)',\n '6.0(2)A8(11a)',\n '6.0(2)A8(11b)',\n '6.0(2)U1(1)',\n '6.0(2)U1(2)',\n '6.0(2)U1(1a)',\n '6.0(2)U1(3)',\n '6.0(2)U1(4)',\n '6.0(2)U2(1)',\n '6.0(2)U2(2)',\n '6.0(2)U2(3)',\n '6.0(2)U2(4)',\n '6.0(2)U2(5)',\n '6.0(2)U2(6)',\n '6.0(2)U3(1)',\n '6.0(2)U3(2)',\n '6.0(2)U3(3)',\n '6.0(2)U3(4)',\n '6.0(2)U3(5)',\n '6.0(2)U3(6)',\n '6.0(2)U3(7)',\n '6.0(2)U3(8)',\n '6.0(2)U3(9)',\n '6.0(2)U4(1)',\n '6.0(2)U4(2)',\n '6.0(2)U4(3)',\n '6.0(2)U4(4)',\n '6.0(2)U5(1)',\n '6.0(2)U5(2)',\n '6.0(2)U5(3)',\n '6.0(2)U5(4)',\n '6.0(2)U6(1)',\n '6.0(2)U6(2)',\n '6.0(2)U6(3)',\n '6.0(2)U6(4)',\n '6.0(2)U6(5)',\n '6.0(2)U6(6)',\n '6.0(2)U6(7)',\n '6.0(2)U6(8)',\n '6.0(2)U6(1a)',\n '6.0(2)U6(2a)',\n '6.0(2)U6(3a)',\n '6.0(2)U6(4a)',\n '6.0(2)U6(5a)',\n '6.0(2)U6(5b)',\n '6.0(2)U6(5c)',\n '6.0(2)U6(9)',\n '6.0(2)U6(10)',\n '6.0(2)U6(10a)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '7.0(3)F3(1)',\n '7.0(3)F3(2)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(6z)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '7.0(3)IX1(2)',\n '7.0(3)IX1(2a)',\n '9.2(1)',\n '9.2(2)',\n '9.2(2t)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '9.2(2v)',\n '7.0(3)IC4(4)',\n '7.0(3)IM7(2)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)'\n );\n }\n\n if (product_info.model =~ \"(^|[^0-9])9[0-9]{3,}\")\n {\n if (!isnull(get_kb_item('Host/aci/system/chassis/summary')))\n # Only NX-OS mode 9000 switched are affected so bow out if ACI kb entry present\n audit(AUDIT_HOST_NOT, 'affected');\n\n version_list = make_list(\n '5.0(3)A1(1)',\n '5.0(3)A1(2)',\n '5.0(3)A1(2a)',\n '5.0(3)U1(1)',\n '5.0(3)U1(1a)',\n '5.0(3)U1(1b)',\n '5.0(3)U1(1d)',\n '5.0(3)U1(2)',\n '5.0(3)U1(2a)',\n '5.0(3)U1(1c)',\n '5.0(3)U2(1)',\n '5.0(3)U2(2)',\n '5.0(3)U2(2a)',\n '5.0(3)U2(2b)',\n '5.0(3)U2(2c)',\n '5.0(3)U2(2d)',\n '5.0(3)U3(1)',\n '5.0(3)U3(2)',\n '5.0(3)U3(2a)',\n '5.0(3)U3(2b)',\n '5.0(3)U4(1)',\n '5.0(3)U5(1)',\n '5.0(3)U5(1a)',\n '5.0(3)U5(1b)',\n '5.0(3)U5(1c)',\n '5.0(3)U5(1d)',\n '5.0(3)U5(1e)',\n '5.0(3)U5(1f)',\n '5.0(3)U5(1g)',\n '5.0(3)U5(1h)',\n '5.0(3)U5(1i)',\n '5.0(3)U5(1j)',\n '6.0(2)A1(1)',\n '6.0(2)A1(1a)',\n '6.0(2)A1(1b)',\n '6.0(2)A1(1c)',\n '6.0(2)A1(1d)',\n '6.0(2)A1(1e)',\n '6.0(2)A1(1f)',\n '6.0(2)A1(2d)',\n '6.0(2)A3(1)',\n '6.0(2)A3(2)',\n '6.0(2)A3(4)',\n '6.0(2)A4(1)',\n '6.0(2)A4(2)',\n '6.0(2)A4(3)',\n '6.0(2)A4(4)',\n '6.0(2)A4(5)',\n '6.0(2)A4(6)',\n '6.0(2)A6(1)',\n '6.0(2)A6(1a)',\n '6.0(2)A6(2)',\n '6.0(2)A6(2a)',\n '6.0(2)A6(3)',\n '6.0(2)A6(3a)',\n '6.0(2)A6(4)',\n '6.0(2)A6(4a)',\n '6.0(2)A6(5)',\n '6.0(2)A6(5a)',\n '6.0(2)A6(5b)',\n '6.0(2)A6(6)',\n '6.0(2)A6(7)',\n '6.0(2)A6(8)',\n '6.0(2)A7(1)',\n '6.0(2)A7(1a)',\n '6.0(2)A7(2)',\n '6.0(2)A7(2a)',\n '6.0(2)A8(1)',\n '6.0(2)A8(2)',\n '6.0(2)A8(3)',\n '6.0(2)A8(4)',\n '6.0(2)A8(4a)',\n '6.0(2)A8(5)',\n '6.0(2)A8(6)',\n '6.0(2)A8(7)',\n '6.0(2)A8(7a)',\n '6.0(2)A8(7b)',\n '6.0(2)A8(8)',\n '6.0(2)A8(9)',\n '6.0(2)A8(10a)',\n '6.0(2)A8(10)',\n '6.0(2)A8(11)',\n '6.0(2)A8(11a)',\n '6.0(2)A8(11b)',\n '6.0(2)U1(1)',\n '6.0(2)U1(2)',\n '6.0(2)U1(1a)',\n '6.0(2)U1(3)',\n '6.0(2)U1(4)',\n '6.0(2)U2(1)',\n '6.0(2)U2(2)',\n '6.0(2)U2(3)',\n '6.0(2)U2(4)',\n '6.0(2)U2(5)',\n '6.0(2)U2(6)',\n '6.0(2)U3(1)',\n '6.0(2)U3(2)',\n '6.0(2)U3(3)',\n '6.0(2)U3(4)',\n '6.0(2)U3(5)',\n '6.0(2)U3(6)',\n '6.0(2)U3(7)',\n '6.0(2)U3(8)',\n '6.0(2)U3(9)',\n '6.0(2)U4(1)',\n '6.0(2)U4(2)',\n '6.0(2)U4(3)',\n '6.0(2)U4(4)',\n '6.0(2)U5(1)',\n '6.0(2)U5(2)',\n '6.0(2)U5(3)',\n '6.0(2)U5(4)',\n '6.0(2)U6(1)',\n '6.0(2)U6(2)',\n '6.0(2)U6(3)',\n '6.0(2)U6(4)',\n '6.0(2)U6(5)',\n '6.0(2)U6(6)',\n '6.0(2)U6(7)',\n '6.0(2)U6(8)',\n '6.0(2)U6(1a)',\n '6.0(2)U6(2a)',\n '6.0(2)U6(3a)',\n '6.0(2)U6(4a)',\n '6.0(2)U6(5a)',\n '6.0(2)U6(5b)',\n '6.0(2)U6(5c)',\n '6.0(2)U6(9)',\n '6.0(2)U6(10)',\n '6.0(2)U6(10a)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '7.0(3)F3(1)',\n '7.0(3)F3(2)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(6z)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '7.0(3)IX1(2)',\n '7.0(3)IX1(2a)',\n '9.2(1)',\n '9.2(2)',\n '9.2(2t)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '9.2(2v)',\n '7.0(3)IC4(4)',\n '7.0(3)IM7(2)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '6.1(2)I1(3)',\n '6.1(2)I1(2)',\n '6.1(2)I2(1)',\n '6.1(2)I2(2)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(3)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '6.1(2)I3(5)',\n '6.1(2)I3(5a)',\n '6.1(2)I3(5b)',\n '7.0(3)F1(1)',\n '7.0(3)F2(1)',\n '7.0(3)F2(2)',\n '7.0(3)F3(1)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '9.2(1)',\n '9.2(2)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '7.0(3)IA7(1)',\n '7.0(3)IA7(2)',\n '7.0(3)IC4(4)',\n '7.0(3)IM3(1)',\n '7.0(3)IM3(2)',\n '7.0(3)IM3(2a)',\n '7.0(3)IM3(2b)',\n '7.0(3)IM3(3)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(1z)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(5w)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)'\n );\n }\n}\nelse if ('UCS' >< product_info.device)\n{\n cbi = 'CSCvy95840';\n if (product_info.model =~ '(^|[^0-9])64[0-9]{2,}')\n {\n vuln_ranges = [\n {'min_ver': '4.0', 'fix_ver': '4.1(3h)'},\n {'min_ver': '4.2', 'fix_ver': '4.2(1k)'}\n ];\n }\n else audit(AUDIT_HOST_NOT, 'affected');\n}\nelse\n audit(AUDIT_HOST_NOT, 'affected');\n\nvar reporting = make_array(\n 'port' , 0,\n 'severity', SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , cbi,\n 'cmds' , make_list('show cfs status')\n);\n\nvar workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);\nvar workaround_params = WORKAROUND_CONFIG['cfs_ip_enabled'];\n\ncisco::check_and_report(\n product_info:product_info,\n workarounds:workarounds,\n workaround_params:workaround_params,\n reporting:reporting,\n vuln_versions:version_list,\n vuln_ranges:vuln_ranges,\n smus:smus\n);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-10T19:18:59", "description": "According to its self-reported version, Cisco NX-OS Software for Cisco Nexus 9000 Series Switches is affected by a denial of service vulnerability. The vulnerability exists in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches. An unauthenticated, remote attacker can exploit this by sending a crafted stream of traffic through the device to cause BFD traffic to be dropped, resulting in BFD session flaps. This can cause route instability and dropped traffic and may result in a denial of service (DoS) condition. This vulnerability applies on both IPv4 and IPv6 traffic.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-14T00:00:00", "type": "nessus", "title": "Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection DoS (cisco-sa-nxos-bfd-dos-wGQXrzxn)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20623"], "modified": "2022-10-26T00:00:00", "cpe": ["cpe:/o:cisco:nx-os"], "id": "CISCO-SA-NXOS-BFD-DOS-WGQXRZXN.NASL", "href": "https://www.tenable.com/plugins/nessus/158887", "sourceData": "#TRUSTED 58453024e519bcd2de3456aac302614f0fd282748a0925bd4edccb892b1e9c659c8fc18cd6dc633736e2c958c69bd2c27746622843a73284eca3c3a39510aa9eb24c823fa1844e5712b3632bc04465acede05c25f18ba880626eb05c6af6f44eb5614d3016f9937fe60b6824c99ccde00124a3f8474a3eefb832ef2b6e6059a00270059e9dba125c1846129f6f7eaad25eb65633ff54a56069f387bad020afe561b716b3b18775413878d774b813d2cd235625673a6d5ab8edc48c41f3c3582507fdb0c71ab5fabb4e03789d963697092ecbee55f6077e037213ecb38294fe9a68d9227256e0c317514960b8df9174f05100a24bbf28250bb78472da4baaedd433aa202da1c080686e081b5ca67b8c30321b2629f02f56141fb6c38210f446fde420eeb7c41295f2414f0c882eb2bcd34cd39ed92444f25d5d5a5393618b66852f4691353dc2d098509630b38d00fddb2f7720aaa50a77876c5b9b05fdaa1ac5d7e19f4607e505a505e27e1495d9c945f053d340ffd088d1fab8be275022e8c9f4a6e4618a429be9bc0accc2fd88180c1ff271b97520cb4f47712be7557b3dca58e49df25aeb3ced973635cf88959c68f457e8cb4b0d25297dd793c1ee5e3e5fd31e75744f18ed989a95cd59f6d7478bfcd17ef6d75e71d6fe70d044679e2bed9c6654869306b96752c2852fcdf2026d452596dd93bc6b0735a42cd30715bb87\n#TRUST-RSA-SHA256 2dc235856292dd365265eb8e730ac05dd5760a98c05238c6675caf95717df2731c43b302a15072ef80adc2ab5f4e01d3f0b0a8dc68390c96088958fb4cad6a542bf6ab2d182a244beb4727279c73e32bc87f96c6dc8a44330ebbdf6ee23baf9232437c0aeac2467a3551610eda1e3320c23ab71d650b246a1655dc5567a71842b0f1370f00591d8de4b7383ee8be52b53ea75b717f703e06157ccb81c9f2546a9b0da70e25ef2d46a9ec1f2766e190f57a58e7f2ec5af74e9ae7bb9284b30358afdad2c3bd87fdf8fef06f116973c9094a5fbc783811f184d4b385f1b64571829f14935e42e5540d57a56a433dc001dbe2af1901b391b3544c36bc4d2c8eb6e7dd658e659b281034fac3182cb03c30a08887f4180183bfb6171a473ace0366226c2dca2a8233cfabde6e36882f19111e86005fb33292044593edd83314c076e183cc53b20e2174129f79c09597aa9bd54c817c4778738619d5a47de09fb117d0ee2262c5ac8ee0741a4f10ce12c11319303994d007da7b536a69a26396c124bef3e78f3e2bc02d194fb5e42035940efcfa020d11f2e15d43f67d70d96bdbb41fba77820f84de267277b80daabb67fd2da78b4f8d7fa27a7f2c1440a7b6d8273b7af19e4089aabaf632d8ca6b1d51e3d132f79c43a7912ca088087f05ba63b1bf2668a7c535f24435195d15d319f9e5f043e4e3ec684378ad929a56c7744cc38d\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158887);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/26\");\n\n script_cve_id(\"CVE-2022-20623\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvx75912\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-nxos-bfd-dos-wGQXrzxn\");\n script_xref(name:\"IAVA\", value:\"2022-A-0095\");\n\n script_name(english:\"Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection DoS (cisco-sa-nxos-bfd-dos-wGQXrzxn)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco NX-OS Software for Cisco Nexus 9000 Series Switches is affected by a \ndenial of service vulnerability. The vulnerability exists in the rate limiter for Bidirectional Forwarding Detection \n(BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches. An unauthenticated, remote attacker can \nexploit this by sending a crafted stream of traffic through the device to cause BFD traffic to be dropped, resulting \nin BFD session flaps. This can cause route instability and dropped traffic and may result in a denial of service (DoS) \ncondition. This vulnerability applies on both IPv4 and IPv6 traffic.\n\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bbf2e13f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx75912\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvx75912\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20623\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:nx-os\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_nxos_version.nasl\");\n script_require_keys(\"Host/Cisco/NX-OS/Version\", \"Host/Cisco/NX-OS/Model\", \"Host/Cisco/NX-OS/Device\");\n\n exit(0);\n}\n\ninclude('cisco_workarounds.inc');\ninclude('ccf.inc');\n\nvar product_info = cisco::get_product_info(name:'Cisco NX-OS Software');\nvar workarounds, workaround_params, g1_model, g2_model;\n\n# Cisco Nexus 9000 Series \nif ('Nexus' >!< product_info.device || product_info.model !~ \"9[0-9]{3}\")\n audit(AUDIT_HOST_NOT, 'an affected model');\n\n# check BFD feature\nworkarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);\nworkaround_params = WORKAROUND_CONFIG['nxos_feature_bfd'];\n\nvar m_model = cisco_command_kb_item('Host/Cisco/Config/show_module', 'show module');\n\nif (empty_or_null(m_model))\n audit(AUDIT_HOST_NOT, 'an affected model');\n\n# Cisco Nexus 9200 and 9300 Platform Switches\nvar model_list1 = make_list(\n 'N9K-C92160YC-X',\n 'N9K-C92300YC',\n 'N9K-C92304QC',\n 'N9K-C9232C',\n 'N9K-C92348GC-X',\n 'N9K-C9236C',\n 'N9K-C9272Q',\n 'N9K-C93108TC-EX',\n 'N9K-C93108TC-FX',\n 'N9K-C9316D-GX',\n 'N9K-C93180LC-EX',\n 'N9K-C93180YC2-FX',\n 'N9K-C93180YC-EX',\n 'N9K-C93180YC-FX',\n 'N9K-C93216TC-FX2',\n 'N9K-C93240YC-FX2',\n 'N9K-C9332C',\n 'N9K-C93360YC-FX2',\n 'N9K-C9336C-FX2',\n 'N9K-C9348GC-FXP',\n 'N9K-C93600CD-GX',\n 'N9K-C9364C',\n 'N9K-C9364C-GX'\n);\n\n# Cisco Nexus 9500 Series Switches\nvar model_list2 = make_list(\n 'N9K-X97160YC-EX',\n 'N9K-X97284YC-FX',\n 'N9K-X9732C-EX',\n 'N9K-X9732C-FX',\n 'N9K-X9736C-EX',\n 'N9K-X9736C-FX',\n 'N9K-X9788TC-FX'\n);\n\nvar vuln_model = FALSE;\nvar m_list1 = FALSE;\nvar m_list2 = FALSE;\nvar version_list = [];\n\nforeach g1_model (model_list1)\n{\n if (g1_model >< m_model)\n {\n vuln_model = TRUE;\n m_list1 = TRUE;\n break;\n }\n}\n\nif (!vuln_model)\n{\n foreach g2_model (model_list2)\n {\n if (g2_model >< m_model)\n {\n vuln_model = TRUE;\n m_list2 = TRUE;\n break;\n }\n }\n\n if (!vuln_model)\n audit(AUDIT_HOST_NOT, 'an affected model');\n}\n\nif (m_list1)\n{\n version_list = make_list(\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)'\n );\n}\n\nelse if (m_list2)\n{\n version_list = make_list(\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '9.2(1)',\n '9.2(2)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '7.0(3)IA7(1)',\n '7.0(3)IA7(2)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(1z)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(5w)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)',\n '10.2(2)',\n '10.2(1q)',\n '10.2(2a)'\n );\n}\n\nvar reporting = make_array(\n 'port' , 0,\n 'severity', SECURITY_WARNING,\n 'version' , product_info['version'],\n 'cmds' , make_list('show feature | include bfd', 'show module'),\n 'bug_id' , 'CSCvx75912'\n);\n\ncisco::check_and_report(\n product_info:product_info,\n reporting:reporting,\n workarounds:workarounds,\n workaround_params:workaround_params,\n vuln_versions:version_list\n);\n\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-10T19:16:38", "description": "According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the NX-API feature that allows an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-03T00:00:00", "type": "nessus", "title": "Cisco NX-OS Software NX-API Command Injection (cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20650"], "modified": "2022-03-04T00:00:00", "cpe": ["cpe:/o:cisco:nx-os"], "id": "CISCO-SA-NXOS-NXAPI-CMDINJECT-ULUKNMZ2.NASL", "href": "https://www.tenable.com/plugins/nessus/158559", "sourceData": "#TRUSTED 4dd417f559efaceb248868e5dc921a41230434d333119be95215e30770782d5082c3329bd4a18c6f3efd2a3e92e35a79445436f02e409d74a5f9a7800a738fe6c0f7b94239dce11314cf9a07f9aec25ea6335156e206346ce4ac410f6d46abbb0d66530221ef24cbab97b6e38340e42bf2d895f425e1f73d6681c8d935d5209a16f3f0c06ecd660e53d04ced5c92e9c4585ff8cddbbd544feefb3696a725ca32a359e33ed64113cda381d181a27cc2985fb1a14fbe696c3668b433480e43633d98da8019621e53b99028c2d4b1646be2e8f42a94e60c4ea5b7ad9cf887db9ef4b27870dbe7bc4ce92664b518c590a206963ba99a6bd1d6df48fb8ce846539abb2542900487e63317444eb69e1daf1ca8e0f37ee7b7cfd870593a2378d737053efb15be64238ef1041692fce69a521ea7140f49b2515ea96f6d5ab16764c8268ade9ed522e03779604b2aaf83ead25165115224ce0f0eaa822c92a521a370470611f8b08a8e5bea7c7f6f0ad4affef27ca323534faf60ba0f4ce72d6cb13abaa87d7a0c05cde2a86c7b99d338283e7796bd72d129fe61b7c21e4eef6481bb4476530b90156a0197dff69c9ae2d0a09ab23610006af91f523c115cd26f7d1273c9f9e34c89a18531349a56497874878d6595ace90718c106df43834bf874165324048db2a7435b3ff37f9323749f5b56a4dd796435e9a9824bd3525a6830da2dc3\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158559);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/04\");\n\n script_cve_id(\"CVE-2022-20650\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvz80191\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvz81047\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2\");\n script_xref(name:\"IAVA\", value:\"2022-A-0095\");\n\n script_name(english:\"Cisco NX-OS Software NX-API Command Injection (cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the NX-API feature that\nallows an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to\ninsufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this\nvulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could\nallow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The\nNX-API feature is disabled by default.\n\nPlease see the included Cisco BIDs and Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f616679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz80191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz81047\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvz80191, CSCvz81047\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-20650\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:nx-os\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_nxos_version.nasl\", \"cisco_enum_smu.nasl\");\n script_require_keys(\"Host/Cisco/NX-OS/Version\", \"Host/Cisco/NX-OS/Model\", \"Host/Cisco/NX-OS/Device\");\n\n exit(0);\n}\n\ninclude('cisco_workarounds.inc');\ninclude('ccf.inc');\n\nvar product_info = cisco::get_product_info(name:'Cisco NX-OS Software');\nvar smus = make_array();\nif (('Nexus' >< product_info.device) &&\n (product_info.model =~ \"(^|[^0-9])3[0-9]{3,}\" || product_info.model =~ \"(^|[^0-9])9[0-9]{3,}\")\n )\n{\n smus['7.0(3)I7(10)'] = 'CSCvz80191';\n smus['9.3(8)'] = 'CSCvz80191';\n}\n\n\nif (('Nexus' >!< product_info.device || product_info.model !~ \"(^|[^0-9])3[0-9]{3,}\") &&\n ('Nexus' >!< product_info.device || product_info.model !~ \"(^|[^0-9])9[0-9]{3,}\") &&\n ('Nexus' >!< product_info.device || product_info.model !~ \"(^|[^0-9])5[56][0-9]{2,}\") &&\n ('Nexus' >!< product_info.device || product_info.model !~ \"(^|[^0-9])6[0-9]{3,}\"))\naudit(AUDIT_HOST_NOT, 'affected');\n\nvar version_list = [];\n\nif ('Nexus' >< product_info.device && product_info.model =~ \"(^|[^0-9])3[0-9]{3,}\")\n{\n version_list = make_list(\n '6.0(2)A4(1)',\n '6.0(2)A4(2)',\n '6.0(2)A4(3)',\n '6.0(2)A4(4)',\n '6.0(2)A4(5)',\n '6.0(2)A4(6)',\n '6.0(2)A6(1)',\n '6.0(2)A6(1a)',\n '6.0(2)A6(2)',\n '6.0(2)A6(2a)',\n '6.0(2)A6(3)',\n '6.0(2)A6(3a)',\n '6.0(2)A6(4)',\n '6.0(2)A6(4a)',\n '6.0(2)A6(5)',\n '6.0(2)A6(5a)',\n '6.0(2)A6(5b)',\n '6.0(2)A6(6)',\n '6.0(2)A6(7)',\n '6.0(2)A6(8)',\n '6.0(2)A7(1)',\n '6.0(2)A7(1a)',\n '6.0(2)A7(2)',\n '6.0(2)A7(2a)',\n '6.0(2)A8(1)',\n '6.0(2)A8(2)',\n '6.0(2)A8(3)',\n '6.0(2)A8(4)',\n '6.0(2)A8(4a)',\n '6.0(2)A8(5)',\n '6.0(2)A8(6)',\n '6.0(2)A8(7)',\n '6.0(2)A8(7a)',\n '6.0(2)A8(7b)',\n '6.0(2)A8(8)',\n '6.0(2)A8(9)',\n '6.0(2)A8(10a)',\n '6.0(2)A8(10)',\n '6.0(2)A8(11)',\n '6.0(2)A8(11a)',\n '6.0(2)A8(11b)',\n '6.0(2)U4(1)',\n '6.0(2)U4(2)',\n '6.0(2)U4(3)',\n '6.0(2)U4(4)',\n '6.0(2)U5(1)',\n '6.0(2)U5(2)',\n '6.0(2)U5(3)',\n '6.0(2)U5(4)',\n '6.0(2)U6(1)',\n '6.0(2)U6(2)',\n '6.0(2)U6(3)',\n '6.0(2)U6(4)',\n '6.0(2)U6(5)',\n '6.0(2)U6(6)',\n '6.0(2)U6(7)',\n '6.0(2)U6(8)',\n '6.0(2)U6(1a)',\n '6.0(2)U6(2a)',\n '6.0(2)U6(3a)',\n '6.0(2)U6(4a)',\n '6.0(2)U6(5a)',\n '6.0(2)U6(5b)',\n '6.0(2)U6(5c)',\n '6.0(2)U6(9)',\n '6.0(2)U6(10)',\n '6.0(2)U6(10a)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '7.0(3)F3(1)',\n '7.0(3)F3(2)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(6z)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '7.0(3)IX1(2)',\n '7.0(3)IX1(2a)',\n '9.2(1)',\n '9.2(2)',\n '9.2(2t)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '9.2(2v)',\n '7.0(3)IC4(4)',\n '7.0(3)IM7(2)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)'\n );\n}\n\nif ('Nexus' >< product_info.device && product_info.model =~ \"(^|[^0-9])9[0-9]{3,}\")\n{\n version_list = make_list(\n '6.0(2)A4(1)',\n '6.0(2)A4(2)',\n '6.0(2)A4(3)',\n '6.0(2)A4(4)',\n '6.0(2)A4(5)',\n '6.0(2)A4(6)',\n '6.0(2)A6(1)',\n '6.0(2)A6(1a)',\n '6.0(2)A6(2)',\n '6.0(2)A6(2a)',\n '6.0(2)A6(3)',\n '6.0(2)A6(3a)',\n '6.0(2)A6(4)',\n '6.0(2)A6(4a)',\n '6.0(2)A6(5)',\n '6.0(2)A6(5a)',\n '6.0(2)A6(5b)',\n '6.0(2)A6(6)',\n '6.0(2)A6(7)',\n '6.0(2)A6(8)',\n '6.0(2)A7(1)',\n '6.0(2)A7(1a)',\n '6.0(2)A7(2)',\n '6.0(2)A7(2a)',\n '6.0(2)A8(1)',\n '6.0(2)A8(2)',\n '6.0(2)A8(3)',\n '6.0(2)A8(4)',\n '6.0(2)A8(4a)',\n '6.0(2)A8(5)',\n '6.0(2)A8(6)',\n '6.0(2)A8(7)',\n '6.0(2)A8(7a)',\n '6.0(2)A8(7b)',\n '6.0(2)A8(8)',\n '6.0(2)A8(9)',\n '6.0(2)A8(10a)',\n '6.0(2)A8(10)',\n '6.0(2)A8(11)',\n '6.0(2)A8(11a)',\n '6.0(2)A8(11b)',\n '6.0(2)U4(1)',\n '6.0(2)U4(2)',\n '6.0(2)U4(3)',\n '6.0(2)U4(4)',\n '6.0(2)U5(1)',\n '6.0(2)U5(2)',\n '6.0(2)U5(3)',\n '6.0(2)U5(4)',\n '6.0(2)U6(1)',\n '6.0(2)U6(2)',\n '6.0(2)U6(3)',\n '6.0(2)U6(4)',\n '6.0(2)U6(5)',\n '6.0(2)U6(6)',\n '6.0(2)U6(7)',\n '6.0(2)U6(8)',\n '6.0(2)U6(1a)',\n '6.0(2)U6(2a)',\n '6.0(2)U6(3a)',\n '6.0(2)U6(4a)',\n '6.0(2)U6(5a)',\n '6.0(2)U6(5b)',\n '6.0(2)U6(5c)',\n '6.0(2)U6(9)',\n '6.0(2)U6(10)',\n '6.0(2)U6(10a)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '7.0(3)F3(1)',\n '7.0(3)F3(2)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(6z)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '7.0(3)IX1(2)',\n '7.0(3)IX1(2a)',\n '9.2(1)',\n '9.2(2)',\n '9.2(2t)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '9.2(2v)',\n '7.0(3)IC4(4)',\n '7.0(3)IM7(2)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)',\n '6.1(2)I1(3)',\n '6.1(2)I1(2)',\n '6.1(2)I2(1)',\n '6.1(2)I2(2)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(3)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '6.1(2)I3(5)',\n '6.1(2)I3(5a)',\n '6.1(2)I3(5b)',\n '7.0(3)F1(1)',\n '7.0(3)F2(1)',\n '7.0(3)F2(2)',\n '7.0(3)F3(1)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '9.2(1)',\n '9.2(2)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '7.0(3)IA7(1)',\n '7.0(3)IA7(2)',\n '7.0(3)IC4(4)',\n '7.0(3)IM3(1)',\n '7.0(3)IM3(2)',\n '7.0(3)IM3(2a)',\n '7.0(3)IM3(2b)',\n '7.0(3)IM3(3)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(1z)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(5w)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)',\n '10.2(1q)'\n );\n}\n\nif ('Nexus' >< product_info.device && product_info.model =~ \"(^|[^0-9])5[56][0-9]{2,}\")\n{\n version_list = make_list(\n '6.0(2)A4(1)',\n '6.0(2)A4(2)',\n '6.0(2)A4(3)',\n '6.0(2)A4(4)',\n '6.0(2)A4(5)',\n '6.0(2)A4(6)',\n '6.0(2)A6(1)',\n '6.0(2)A6(1a)',\n '6.0(2)A6(2)',\n '6.0(2)A6(2a)',\n '6.0(2)A6(3)',\n '6.0(2)A6(3a)',\n '6.0(2)A6(4)',\n '6.0(2)A6(4a)',\n '6.0(2)A6(5)',\n '6.0(2)A6(5a)',\n '6.0(2)A6(5b)',\n '6.0(2)A6(6)',\n '6.0(2)A6(7)',\n '6.0(2)A6(8)',\n '6.0(2)A7(1)',\n '6.0(2)A7(1a)',\n '6.0(2)A7(2)',\n '6.0(2)A7(2a)',\n '6.0(2)A8(1)',\n '6.0(2)A8(2)',\n '6.0(2)A8(3)',\n '6.0(2)A8(4)',\n '6.0(2)A8(4a)',\n '6.0(2)A8(5)',\n '6.0(2)A8(6)',\n '6.0(2)A8(7)',\n '6.0(2)A8(7a)',\n '6.0(2)A8(7b)',\n '6.0(2)A8(8)',\n '6.0(2)A8(9)',\n '6.0(2)A8(10a)',\n '6.0(2)A8(10)',\n '6.0(2)A8(11)',\n '6.0(2)A8(11a)',\n '6.0(2)A8(11b)',\n '6.0(2)U4(1)',\n '6.0(2)U4(2)',\n '6.0(2)U4(3)',\n '6.0(2)U4(4)',\n '6.0(2)U5(1)',\n '6.0(2)U5(2)',\n '6.0(2)U5(3)',\n '6.0(2)U5(4)',\n '6.0(2)U6(1)',\n '6.0(2)U6(2)',\n '6.0(2)U6(3)',\n '6.0(2)U6(4)',\n '6.0(2)U6(5)',\n '6.0(2)U6(6)',\n '6.0(2)U6(7)',\n '6.0(2)U6(8)',\n '6.0(2)U6(1a)',\n '6.0(2)U6(2a)',\n '6.0(2)U6(3a)',\n '6.0(2)U6(4a)',\n '6.0(2)U6(5a)',\n '6.0(2)U6(5b)',\n '6.0(2)U6(5c)',\n '6.0(2)U6(9)',\n '6.0(2)U6(10)',\n '6.0(2)U6(10a)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '7.0(3)F3(1)',\n '7.0(3)F3(2)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(6z)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '7.0(3)IX1(2)',\n '7.0(3)IX1(2a)',\n '9.2(1)',\n '9.2(2)',\n '9.2(2t)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '9.2(2v)',\n '7.0(3)IC4(4)',\n '7.0(3)IM7(2)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)',\n '6.1(2)I1(3)',\n '6.1(2)I1(2)',\n '6.1(2)I2(1)',\n '6.1(2)I2(2)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(3)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '6.1(2)I3(5)',\n '6.1(2)I3(5a)',\n '6.1(2)I3(5b)',\n '7.0(3)F1(1)',\n '7.0(3)F2(1)',\n '7.0(3)F2(2)',\n '7.0(3)F3(1)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '9.2(1)',\n '9.2(2)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '7.0(3)IA7(1)',\n '7.0(3)IA7(2)',\n '7.0(3)IC4(4)',\n '7.0(3)IM3(1)',\n '7.0(3)IM3(2)',\n '7.0(3)IM3(2a)',\n '7.0(3)IM3(2b)',\n '7.0(3)IM3(3)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(1z)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(5w)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)',\n '10.2(1q)',\n '7.1(0)N1(1a)',\n '7.1(0)N1(1b)',\n '7.1(0)N1(1)',\n '7.1(1)N1(1)',\n '7.1(1)N1(1a)',\n '7.1(2)N1(1)',\n '7.1(2)N1(1a)',\n '7.1(3)N1(1)',\n '7.1(3)N1(2)',\n '7.1(3)N1(5)',\n '7.1(3)N1(4)',\n '7.1(3)N1(3)',\n '7.1(3)N1(2a)',\n '7.1(4)N1(1)',\n '7.1(4)N1(1d)',\n '7.1(4)N1(1c)',\n '7.1(4)N1(1a)',\n '7.1(5)N1(1)',\n '7.1(5)N1(1b)',\n '7.2(0)N1(1)',\n '7.2(1)N1(1)',\n '7.3(0)N1(1)',\n '7.3(0)N1(1b)',\n '7.3(0)N1(1a)',\n '7.3(1)N1(1)',\n '7.3(2)N1(1)',\n '7.3(2)N1(1b)',\n '7.3(2)N1(1c)',\n '7.3(3)N1(1)',\n '7.3(4)N1(1)',\n '7.3(4)N1(1a)',\n '7.3(5)N1(1)',\n '7.3(6)N1(1)',\n '7.3(6)N1(1a)',\n '7.3(7)N1(1)',\n '7.3(7)N1(1a)',\n '7.3(7)N1(1b)',\n '7.3(8)N1(1)',\n '7.3(8)N1(1a)',\n '7.3(8)N1(1b)',\n '7.3(9)N1(1)',\n '7.3(10)N1(1)'\n );\n}\n\nif ('Nexus' >< product_info.device && product_info.model =~ \"(^|[^0-9])6[0-9]{3,}\")\n{\n version_list = make_list(\n '6.0(2)A4(1)',\n '6.0(2)A4(2)',\n '6.0(2)A4(3)',\n '6.0(2)A4(4)',\n '6.0(2)A4(5)',\n '6.0(2)A4(6)',\n '6.0(2)A6(1)',\n '6.0(2)A6(1a)',\n '6.0(2)A6(2)',\n '6.0(2)A6(2a)',\n '6.0(2)A6(3)',\n '6.0(2)A6(3a)',\n '6.0(2)A6(4)',\n '6.0(2)A6(4a)',\n '6.0(2)A6(5)',\n '6.0(2)A6(5a)',\n '6.0(2)A6(5b)',\n '6.0(2)A6(6)',\n '6.0(2)A6(7)',\n '6.0(2)A6(8)',\n '6.0(2)A7(1)',\n '6.0(2)A7(1a)',\n '6.0(2)A7(2)',\n '6.0(2)A7(2a)',\n '6.0(2)A8(1)',\n '6.0(2)A8(2)',\n '6.0(2)A8(3)',\n '6.0(2)A8(4)',\n '6.0(2)A8(4a)',\n '6.0(2)A8(5)',\n '6.0(2)A8(6)',\n '6.0(2)A8(7)',\n '6.0(2)A8(7a)',\n '6.0(2)A8(7b)',\n '6.0(2)A8(8)',\n '6.0(2)A8(9)',\n '6.0(2)A8(10a)',\n '6.0(2)A8(10)',\n '6.0(2)A8(11)',\n '6.0(2)A8(11a)',\n '6.0(2)A8(11b)',\n '6.0(2)U4(1)',\n '6.0(2)U4(2)',\n '6.0(2)U4(3)',\n '6.0(2)U4(4)',\n '6.0(2)U5(1)',\n '6.0(2)U5(2)',\n '6.0(2)U5(3)',\n '6.0(2)U5(4)',\n '6.0(2)U6(1)',\n '6.0(2)U6(2)',\n '6.0(2)U6(3)',\n '6.0(2)U6(4)',\n '6.0(2)U6(5)',\n '6.0(2)U6(6)',\n '6.0(2)U6(7)',\n '6.0(2)U6(8)',\n '6.0(2)U6(1a)',\n '6.0(2)U6(2a)',\n '6.0(2)U6(3a)',\n '6.0(2)U6(4a)',\n '6.0(2)U6(5a)',\n '6.0(2)U6(5b)',\n '6.0(2)U6(5c)',\n '6.0(2)U6(9)',\n '6.0(2)U6(10)',\n '6.0(2)U6(10a)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '7.0(3)F3(1)',\n '7.0(3)F3(2)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(6z)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '7.0(3)IX1(2)',\n '7.0(3)IX1(2a)',\n '9.2(1)',\n '9.2(2)',\n '9.2(2t)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '9.2(2v)',\n '7.0(3)IC4(4)',\n '7.0(3)IM7(2)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)',\n '6.1(2)I1(3)',\n '6.1(2)I1(2)',\n '6.1(2)I2(1)',\n '6.1(2)I2(2)',\n '6.1(2)I2(2a)',\n '6.1(2)I2(3)',\n '6.1(2)I2(2b)',\n '6.1(2)I3(1)',\n '6.1(2)I3(2)',\n '6.1(2)I3(3)',\n '6.1(2)I3(4)',\n '6.1(2)I3(3a)',\n '6.1(2)I3(4a)',\n '6.1(2)I3(4b)',\n '6.1(2)I3(4c)',\n '6.1(2)I3(4d)',\n '6.1(2)I3(4e)',\n '6.1(2)I3(5)',\n '6.1(2)I3(5a)',\n '6.1(2)I3(5b)',\n '7.0(3)F1(1)',\n '7.0(3)F2(1)',\n '7.0(3)F2(2)',\n '7.0(3)F3(1)',\n '7.0(3)F3(3)',\n '7.0(3)F3(3a)',\n '7.0(3)F3(4)',\n '7.0(3)F3(3c)',\n '7.0(3)F3(5)',\n '7.0(3)I1(1)',\n '7.0(3)I1(1a)',\n '7.0(3)I1(1b)',\n '7.0(3)I1(2)',\n '7.0(3)I1(3)',\n '7.0(3)I1(3a)',\n '7.0(3)I1(3b)',\n '7.0(3)I1(1z)',\n '7.0(3)I2(2a)',\n '7.0(3)I2(2b)',\n '7.0(3)I2(2c)',\n '7.0(3)I2(2d)',\n '7.0(3)I2(2e)',\n '7.0(3)I2(3)',\n '7.0(3)I2(4)',\n '7.0(3)I2(5)',\n '7.0(3)I2(1)',\n '7.0(3)I2(1a)',\n '7.0(3)I2(2)',\n '7.0(3)I2(2r)',\n '7.0(3)I2(2s)',\n '7.0(3)I2(2v)',\n '7.0(3)I2(2w)',\n '7.0(3)I2(2x)',\n '7.0(3)I2(2y)',\n '7.0(3)I3(1)',\n '7.0(3)I4(1)',\n '7.0(3)I4(2)',\n '7.0(3)I4(3)',\n '7.0(3)I4(4)',\n '7.0(3)I4(5)',\n '7.0(3)I4(6)',\n '7.0(3)I4(7)',\n '7.0(3)I4(8)',\n '7.0(3)I4(8a)',\n '7.0(3)I4(8b)',\n '7.0(3)I4(8z)',\n '7.0(3)I4(1t)',\n '7.0(3)I4(6t)',\n '7.0(3)I4(9)',\n '7.0(3)I5(1)',\n '7.0(3)I5(2)',\n '7.0(3)I5(3)',\n '7.0(3)I5(3a)',\n '7.0(3)I5(3b)',\n '7.0(3)I6(1)',\n '7.0(3)I6(2)',\n '7.0(3)I7(1)',\n '7.0(3)I7(2)',\n '7.0(3)I7(3)',\n '7.0(3)I7(4)',\n '7.0(3)I7(5)',\n '7.0(3)I7(5a)',\n '7.0(3)I7(3z)',\n '7.0(3)I7(6)',\n '7.0(3)I7(7)',\n '7.0(3)I7(8)',\n '7.0(3)I7(9)',\n '7.0(3)I7(9w)',\n '7.0(3)I7(10)',\n '9.2(1)',\n '9.2(2)',\n '9.2(3)',\n '9.2(3y)',\n '9.2(4)',\n '7.0(3)IA7(1)',\n '7.0(3)IA7(2)',\n '7.0(3)IC4(4)',\n '7.0(3)IM3(1)',\n '7.0(3)IM3(2)',\n '7.0(3)IM3(2a)',\n '7.0(3)IM3(2b)',\n '7.0(3)IM3(3)',\n '9.3(1)',\n '9.3(2)',\n '9.3(3)',\n '9.3(1z)',\n '9.3(4)',\n '9.3(5)',\n '9.3(6)',\n '9.3(5w)',\n '9.3(7)',\n '9.3(7k)',\n '9.3(7a)',\n '9.3(8)',\n '10.1(1)',\n '10.1(2)',\n '10.2(1)',\n '10.2(1q)',\n '7.1(0)N1(1a)',\n '7.1(0)N1(1b)',\n '7.1(0)N1(1)',\n '7.1(1)N1(1)',\n '7.1(1)N1(1a)',\n '7.1(2)N1(1)',\n '7.1(2)N1(1a)',\n '7.1(3)N1(1)',\n '7.1(3)N1(2)',\n '7.1(3)N1(5)',\n '7.1(3)N1(4)',\n '7.1(3)N1(3)',\n '7.1(3)N1(2a)',\n '7.1(4)N1(1)',\n '7.1(4)N1(1d)',\n '7.1(4)N1(1c)',\n '7.1(4)N1(1a)',\n '7.1(5)N1(1)',\n '7.1(5)N1(1b)',\n '7.2(0)N1(1)',\n '7.2(1)N1(1)',\n '7.3(0)N1(1)',\n '7.3(0)N1(1b)',\n '7.3(0)N1(1a)',\n '7.3(1)N1(1)',\n '7.3(2)N1(1)',\n '7.3(2)N1(1b)',\n '7.3(2)N1(1c)',\n '7.3(3)N1(1)',\n '7.3(4)N1(1)',\n '7.3(4)N1(1a)',\n '7.3(5)N1(1)',\n '7.3(6)N1(1)',\n '7.3(6)N1(1a)',\n '7.3(7)N1(1)',\n '7.3(7)N1(1a)',\n '7.3(7)N1(1b)',\n '7.3(8)N1(1)',\n '7.3(8)N1(1a)',\n '7.3(8)N1(1b)',\n '7.3(9)N1(1)',\n '7.3(10)N1(1)',\n '7.1(0)N1(1a)',\n '7.1(0)N1(1b)',\n '7.1(0)N1(1)',\n '7.1(1)N1(1)',\n '7.1(1)N1(1a)',\n '7.1(2)N1(1)',\n '7.1(2)N1(1a)',\n '7.1(3)N1(1)',\n '7.1(3)N1(2)',\n '7.1(3)N1(5)',\n '7.1(3)N1(4)',\n '7.1(3)N1(3)',\n '7.1(3)N1(2a)',\n '7.1(4)N1(1)',\n '7.1(4)N1(1d)',\n '7.1(4)N1(1c)',\n '7.1(4)N1(1a)',\n '7.1(5)N1(1)',\n '7.1(5)N1(1b)',\n '7.2(0)N1(1)',\n '7.2(1)N1(1)',\n '7.3(0)N1(1)',\n '7.3(0)N1(1b)',\n '7.3(0)N1(1a)',\n '7.3(1)N1(1)',\n '7.3(2)N1(1)',\n '7.3(2)N1(1b)',\n '7.3(2)N1(1c)',\n '7.3(3)N1(1)',\n '7.3(4)N1(1)',\n '7.3(4)N1(1a)',\n '7.3(5)N1(1)',\n '7.3(6)N1(1)',\n '7.3(6)N1(1a)',\n '7.3(7)N1(1)',\n '7.3(7)N1(1a)',\n '7.3(7)N1(1b)',\n '7.3(8)N1(1)',\n '7.3(8)N1(1a)',\n '7.3(8)N1(1b)',\n '7.3(9)N1(1)',\n '7.3(10)N1(1)'\n );\n}\n\nvar reporting = make_array(\n 'port' , 0,\n 'severity', SECURITY_HOLE,\n 'version' , product_info['version'],\n 'bug_id' , 'CSCvz80191, CSCvz81047',\n 'cmds' , make_list('show feature')\n);\n\nvar workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);\nvar workaround_params = WORKAROUND_CONFIG['nxos_nxapi_feature'];\n\ncisco::check_and_report(\n product_info:product_info,\n workarounds:workarounds,\n workaround_params:workaround_params,\n reporting:reporting,\n vuln_versions:version_list,\n smus:smus\n);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}]}

New Flaws Discovered in Cisco's Network Operating System for Switches

Description

Related