code | #TRUSTED 17b0df17afb00c93ca08d2a05a41c2882757d498a4e32f748fd124b5815a112de74967bac2769bec18fa2810911bd2d4cd8dfc39a266599723f3823d5836e1a874c9b7a6823813eb3ae8da8dceb4c00f607634f29fa5ca04a1ee5912de0f53ffa67f9deca06ba805f6cf40a74606a9e9885ddc993733d91fd46a256a7ded08bef83d371c047259ac034837a7dfb159deb1f913226f4f5bd2f1b19a71cabefdef5b73f1fb9b1f5f0a8450971ac379fb849c0546f6427a9e13e268efa16e12b6d078196dbce153ab40532ce1f0070f11b6f130dc51367e5a7857c4c3e8b38b703663bd2af99eac9532b46448bd7f0b3eb24964a1ae7a68340d56fc8417c776f78642d02323fdd78ce1d58a00167f865e368577bb0368e6b72a2d2330f1a684139158affb08c64c12f4dbf9e20a090949f78ee1cb7365a8135e2b875fdefd956b151e957b37742f4452919febeefb5e3460693630b96c37ed86aae87683914db69e29f41d90ebf2cdaaad46710b9bfc1476a428b64e2a0c747f4818af1948d7f26832e3fc377fb4aaf97ec7fdb88b5afa6f8f0679dca7344bd4348c57c3186c1b75286c9c57dd09b35f9329dec4113835ad9b157469c07a3cb80ca9d70f4e56ea0a7eedb680ab1488324c3131284ab559a09839d24381c73dc895535df9c7cb59e06fddc4a035378ebb3e7eecaeca48968a82c85481e1fe06830a5ac91b7d95ed42
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
# Registration block: when the script is loaded with `description` set, it only
# declares metadata, dependencies and required KB keys, then exits via exit(0)
# before any host check runs.
if (description)
{
script_id(132855);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/25");
# Cross-references a triager needs to locate the vendor advisory and fixed releases.
script_cve_id("CVE-2019-1977");
script_xref(name:"CISCO-BUG-ID", value:"CSCvi11291");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190828-nexus-aci-dos");
script_xref(name:"IAVA", value:"2019-A-0317");
script_name(english:"Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning (cisco-sa-20190828-nexus-aci-dos)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
# The description states the finding is based on the self-reported version and
# that the flaw applies when 'Disable Remote Endpoint Learning' is enabled.
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco NX-OS System Software in Application Centric Infrastructure (ACI) mode is
affected by a vulnerability within the Endpoint Learning feature of Cisco 9000 Series Switches due to improper endpoint
learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on
a border leaf when 'Disable Remote Endpoint Learning' has been enabled. An unauthenticated, remote attacker can exploit
this to create a Remote (XR) entry for the impacted endpoint that will become stale if the endpoint migrates to a
different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be
relearned by another mechanism, causing a denial of service (DoS) condition.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nexus-aci-dos
# NOTE(review): the first see_also is a shortened nessus.org link, presumably
# resolving to the advisory URL in the comment above - confirm.
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9a5ce967");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi11291");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvi11291");
# Both base vectors describe a network-reachable, unauthenticated issue whose
# only impact is availability (CVSS2 A:P, CVSS3 A:H); the temporal vectors
# record no known exploit (E:U) and an official fix (RL:OF / RL:O).
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1977");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/28");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/14");
# Marked as a potential vulnerability: together with the Settings/ParanoidReport
# key required below, results are meant to be read as "may be affected".
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Presumably cisco_nxos_version.nasl is what populates the Host/Cisco/NX-OS/*
# keys required on the next line - verify against that plugin.
script_dependencies("cisco_nxos_version.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device", "Settings/ParanoidReport");
exit(0);
}
include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');
# Version-based check for CVE-2019-1977 (Cisco bug CSCvi11291): confirm the host
# is a matching Nexus model, then hand a fixed list of releases to the shared
# Cisco reporting helper.
#
# Audit out unless the scan runs with report_paranoia >= 2. Nothing in this
# script inspects the device configuration (the workaround list is
# 'no_workaround' and workaround_params is empty), so the precondition named in
# the description - 'Disable Remote Endpoint Learning' enabled on a border
# leaf - is not verified; a report means "running a listed release", not
# "confirmed exposed".
if (report_paranoia < 2) audit(AUDIT_PARANOID);
product_info = cisco::get_product_info(name:'Cisco NX-OS Software');
# Skip hosts whose device string lacks 'Nexus' or whose model does not start
# with "90" followed by two digits. The regex is anchored at the start only.
# NOTE(review): this accepts only model strings beginning 9000-9099; confirm
# that is how cisco_nxos_version.nasl reports Nexus 9000 series hardware,
# otherwise affected switches are silently audited out as not affected.
if ('Nexus' >!< product_info.device || product_info.model !~ '^90[0-9][0-9]')
audit(AUDIT_HOST_NOT, 'affected');
# Explicit list of release strings passed to the helper as vuln_versions.
# A release missing from this list is not reported, so the list has to be
# kept in step with the releases named for CSCvi11291.
# NOTE(review): no separate ACI-mode test is visible here; presumably the
# 12.x/13.x release strings themselves identify ACI-mode software - confirm.
version_list=make_list(
'12.0(1m)',
'12.0(2g)',
'12.0(1n)',
'12.0(1o)',
'12.0(1p)',
'12.0(1q)',
'12.0(2h)',
'12.0(2l)',
'12.0(2m)',
'12.0(2n)',
'12.0(2o)',
'12.0(2f)',
'12.0(1r)',
'12.1(1h)',
'12.1(2e)',
'12.1(3g)',
'12.1(4a)',
'12.1(1i)',
'12.1(2g)',
'12.1(2k)',
'12.1(3h)',
'12.1(3j)',
'12.2(1n)',
'12.2(2e)',
'12.2(3j)',
'12.2(4f)',
'12.2(3p)',
'12.2(3r)',
'12.2(3s)',
'12.2(3t)',
'12.2(2f)',
'12.2(2g)',
'12.2(2i)',
'12.2(2j)',
'12.2(2k)',
'12.2(2q)',
'12.2(1o)',
'12.2(1k)',
'12.3(1e)',
'12.3(1f)',
'12.3(1i)',
'12.3(1l)',
'12.3(1o)',
'12.3(1p)',
'13.0(1k)',
'13.0(2h)',
'13.0(2k)',
'13.0(2n)',
'13.0(1i)',
'13.0(2m)',
'13.1(1i)',
'13.1(2m)',
'13.1(2o)',
'13.1(2p)',
'13.1(2q)',
'13.1(2s)',
'13.1(2t)'
);
# No workaround or configuration test is supplied to the helper.
workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();
# Report fields: port 0, SECURITY_WARNING severity, the detected version and
# the Cisco bug ID.
reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'version' , product_info.version,
'bug_id' , 'CSCvi11291'
);
# The comparison and the report are done by cisco::check_and_report, which is
# defined outside this file.
# NOTE(review): how it matches product_info.version against vuln_versions and
# what switch_only:TRUE restricts are not visible here - confirm in ccf.inc.
cisco::check_and_report(
product_info:product_info,
workarounds:workarounds,
workaround_params:workaround_params,
reporting:reporting,
vuln_versions:version_list,
switch_only:TRUE
);