Vulnerabilities > CVE-2017-3804 - Unspecified vulnerability in Cisco Nx-Os

047910
CVSS 6.1 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
high complexity
cisco
nessus

Summary

A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788).

Nessus

NASL familyCISCO
NASL idCISCO-SA-20170118-NEXUS-NX-OS.NASL
descriptionAccording to its self-reported version, the Cisco NX-OS Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
last seen2020-06-01
modified2020-06-02
plugin id102995
published2017-09-07
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/102995
titleCisco NX-OS IS-IS Packet Processing Denial of Service Vulnerability
code
#TRUSTED 8baedf77c9b9f449ea52bc518e2e5a5898809998c70b62fccba647051c772f63b45f1a66c6450c8fb8fddedc6bb074dae0e6b6089b2182869a5b5b2d020979da814f36dfc144a92d1e5c45adc6bb310298986dc74c71e0852553a2cf9849a4c16a8a4a5c4f3670ea6156e94f400493bf6fddd488a1efead4d84f94c79855ed9c467a75545f2de283b81f8a5e3cf01bd21d0702d1e2b5a2d9ed0ab95157ac2031a58478b88f0722cb05a67359902e788ffaa1b5efd11869eca9612dba5c6f69769b58e4d4d23de6f06ce9a28a47a7d90c30f8612d544e6cab3ef63e3493c38ebb1e5b33a20562c7779f36f3524b26fe1ed0b12e871d3ce1d6814c8b88082eb9cf1a7184ee94fe2edb6b25e35e3f9785afb10396f2d9d43c5ccb19dc708b989cc526e4ade955b3d41fad4d2a781a91387547b9c41551bf1e477bed88cb593f01d35a84db5a8d591c2cb4ac1fa9df25aa06bec51c105b9e5d0ec8c6e48986b321ab68c1e3e6bf272b7d169cb86a44b42383f4c7273d35645e5d8487e5eb552dbd62d878edc1319ab60dbf8241f60ea4a27f9b03f5d659bf248e9cf318e7238efe5f3a9b5268f4c642fc797365a36c942ae32b204ce374098e34332f467d7020438aacfe76e23204cd90bcf6207ee8df918c47a4998d98a0fff0e9b95b306fc4a363982e80fb07a5442837d1a30239bdc5d999b1bed860bfc074d641f4082dd81c59
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(102995);
  script_version("1.5");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2017-3804");
  script_bugtraq_id(95638);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvc45002");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20170118-nexus");

  script_name(english:"Cisco NX-OS IS-IS Packet Processing Denial of Service Vulnerability");
  script_summary(english:"Checks the Cisco NX-OS Software version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco NX-OS Software is affected
by one or more vulnerabilities. Please see the included Cisco BIDs
and the Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?63c3627f");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc45002");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvc45002.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3804");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/07");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cpe:/h:cisco:nexus_1000v");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_nxos_version.nasl");
  script_require_keys("Host/Cisco/NX-OS/Device", "Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model");

  exit(0);
}

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");

device = get_kb_item_or_exit("Host/Cisco/NX-OS/Device");
model = get_kb_item_or_exit("Host/Cisco/NX-OS/Model");
version = get_kb_item_or_exit("Host/Cisco/NX-OS/Version");

# Only models 5000, 6000, and 7000 are affected as well as specific MDS models
if (
  ('Nexus' >< device && model !~ "^[567][0-9][0-9][0-9]([^0-9]|$)$") ||
  (('MDS' >< device) && (model != "9710" &&
  model != "9124" &&
  model != "9148S" &&
  model != "9250i" &&
  model != "9222i" &&
  model != "9509" &&
  model != "9134" &&
  model != "9506" &&
  model != "9396S" &&
  model != "9148" &&
  model != "9513" &&
  model != "9706" &&
  model != "9718"))
  )audit(AUDIT_HOST_NOT, "an affected device and/or model");

product_info = cisco::get_product_info(name:"Cisco NX-OS Software");

version_list = make_list(
  "6.2(10)",
  "7.1(3)N1(2.1)",
  "7.1(3)N1(3.12)",
  "7.1(4)N1(0.1)",
  "7.2(0)D1(1)",
  "7.3(0)D1(1)",
  "7.3(0)N1(0)",
  "7.3(1)D1(1)",
  "7.3(1)N1(1)",
  "7.3(2)N1(0.296)",
  "8.0(1)S2"
);

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();


reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , "CSCvc45002",
  'fix'      , "See advisory"
);

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);