CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.2%
According to its self-reported version, Cisco NX-OS Software is affected by two command injection vulnerabilities due to insufficient validation of arguments passed to certain CLI commands. An authenticated, local attacker could exploit these vulnerabilities to execute arbitrary commands on the underlying operating system with elevated privileges.
Please see the included Cisco BID and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 29efbb1835b6e05ba120328df5a27e9521d5557519bc2d5fbaac9784516f89911fa64c093966b87f2adc9670c5d0c5d5ea19e37e62f64d9c47c634dd0ff15db0cdca11654823ba582f8b032a6e76df2148e9c67c7e0f735eedd4f44e43f3fc136f2d02ed7016f026af7bd1d63b76e8de295d4fd2cbc7209b3d1e781a284f13908e48208705c40e135744e4dadd1c81b1723dcccacf5717322398a227df8416774105cbe8f2b81f86b79054bdc88fd96059e89f3640536e7561a0715a9d24f8f9556c5109de3aa7a89459fd2b88ddc17cd1278729824cb2819271bc980ae697d877588d6fd4e209b3a91d8c266e8cece5ebd4f3b9950d9dacf192a493af82a133317fb5d7c80bda5e1dae3bf4faa56be079a9265136fe7e1e3eeb17aa1c4c2c92cd8001797e97a6010d149344461aaeb3d2d6ad3554cc4fdc65454b0ead374e20038a337835677cd4a0384f1d3ddd9fe44a819880e337b531b1553d69e9259c2693c3d383f8f790ad5e2b626f07be68c61919902fcc0aea0e2ec63285b1839a0a1f7fdbb085ecbbcf152e7529d40212b31c5a39fa4f4ee5fbe3aed111b953485e4afa76070a4a95a42ae59b620c5ead003a4787b22790afe11fc45ccfc69603eefe90c709a4c3dc1a537b05d21aa243eb77671ce4bbdc136d84385d9955c11693faffd956c9b28201ad69a891c7119a78cb8537771db50af0e4f5bb96082bf692
#TRUST-RSA-SHA256 0e62d29344d1619fac1cfc8a3d7071cc3be464caac326ec05aa95e8afdce250bc1c3009f33c6c4bb80c48bd7d5b53be4fcd8073b8829d1f172ae9b475ab80419c013eb67f4605ef5ed775824a656c0799b2ec8b0cd8b5c0ad64cd9f17d54df46b6d99451e39ffdc14cebc45e0d231f1203e6f30b53fdd3ddf28e91ed0321b9fc0b4636a578dbfb308430273d622153aed4f0269b480d6bbde7b536ee5bcc6e356a8c1b4472f5f0f37edcaf79de5c095a02e645bb6aa99ec0ba159211cb1655eb00db6b595e1cfc0293f12c433c460a57c9e3ac24e80765fd64a437c9880f815b171ba19f2869d6c67843363f317d5aff3ced6b70a9891782be56302ca9d9a47bdc88048e93bac885d622ac55379364731f58161496b264de168aca463ab92d89a5bcf5180624942d6ac0af78266cf7988665d9c8a5be5d622d73fb0b9a104896afa414bca6e49768980089cd528e87957d516af9655e2ad5d492146857e218735b017bcbf49ae13c2f13dea70bb95a741244a0fed7289d7a741ba5166b5ef940ea863f00c35cf13ed99e670c1c85cc62192bf0e8e826f9f89535cae6e493fc21c1949cb5e6e07d3402813a7d81992dba8cba3ec28966fa7af1f083fb19d65c266d088da5f50c3ed1da46e4523990cf54d3e4004659c6e1417ada8b4becedb805c0939c0740b5542519c510c76cb2a733bdcf277308ec2df3483fee5cd0d5b612
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(130916);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");
script_cve_id("CVE-2019-1774", "CVE-2019-1775");
script_bugtraq_id(108371);
script_xref(name:"CISCO-BUG-ID", value:"CSCvh75895");
script_xref(name:"CISCO-BUG-ID", value:"CSCvh75909");
script_xref(name:"CISCO-BUG-ID", value:"CSCvh75968");
script_xref(name:"CISCO-BUG-ID", value:"CSCvh75976");
script_xref(name:"CISCO-BUG-ID", value:"CSCvi92256");
script_xref(name:"CISCO-BUG-ID", value:"CSCvi92258");
script_xref(name:"CISCO-BUG-ID", value:"CSCvi92260");
script_xref(name:"CISCO-BUG-ID", value:"CSCvi99195");
script_xref(name:"CISCO-BUG-ID", value:"CSCvi99197");
script_xref(name:"CISCO-BUG-ID", value:"CSCvi99198");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190515-nxos-cmdinj-1774-1775");
script_name(english:"Cisco NX-OS Software Multiple Vulnerabilities (cisco-sa-20190515-nxos-cmdinj-1774-1775)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco NX-OS Software is affected by two command injection vulnerabilities due
to insufficient validation of arguments passed to certain CLI commands. An authenticated, local attacker could exploit
these vulnerabilities to execute arbitrary commands on the underlying operating system with elevated privileges.
Please see the included Cisco BID and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cmdinj-1774-1775
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?217a964d");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75895");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75909");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75968");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75976");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi92256");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi92258");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi92260");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99195");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99197");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99198");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvh75895, CSCvh75909, CSCvh75968, CSCvh75976,
CSCvi92256, CSCvi92258, CSCvi92260, CSCvi99195, CSCvi99197, and CSCvi99198.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1775");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/15");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_nxos_version.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device");
exit(0);
}
include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco NX-OS Software');
cbi = '';
if ('Nexus' >< product_info.device)
{
if (product_info.model =~ '^7[07][0-9]{2}')
cbi = 'CSCvh75895, CSCvh75909';
else if (product_info.model =~ '^(30|35|90)[0-9]{2}')
cbi = 'CSCvh75968, CSCvh75976, CSCvi99197, CSCvi92258';
else if (product_info.model =~ '^36[0-9]{2}' || product_info.model =~ '^95[0-9]{2}R')
cbi = 'CSCvi99195, CSCvi92256';
else if (product_info.model =~ '^(55|56|60)[0-9]{2}')
cbi = 'CSCvi99198, CSCvi92260';
}
else if ('MDS' >< product_info.device && (product_info.model =~ '^90[0-9]{2}'))
cbi = 'CSCvh75895, CSCvh75909';
if (cbi == '')
audit(AUDIT_HOST_NOT, 'affected');
version_list=make_list(
'6.0(2)A8(1)',
'6.0(2)A8(2)',
'6.0(2)A8(3)',
'6.0(2)A8(4)',
'6.0(2)A8(4a)',
'6.0(2)A8(5)',
'6.0(2)A8(6)',
'6.0(2)A8(7)',
'6.0(2)A8(7a)',
'6.0(2)A8(7b)',
'6.0(2)A8(8)',
'6.0(2)A8(9)',
'6.0(2)A8(10a)',
'6.0(2)A8(10)',
'6.2(2)',
'6.2(2a)',
'6.2(6)',
'6.2(6b)',
'6.2(8)',
'6.2(8a)',
'6.2(8b)',
'6.2(10)',
'6.2(12)',
'6.2(18)',
'6.2(16)',
'6.2(14b)',
'6.2(14)',
'6.2(14a)',
'6.2(6a)',
'6.2(20)',
'6.2(1)',
'6.2(3)',
'6.2(5)',
'6.2(5a)',
'6.2(5b)',
'6.2(7)',
'6.2(9)',
'6.2(9a)',
'6.2(9b)',
'6.2(9c)',
'6.2(11)',
'6.2(11b)',
'6.2(11c)',
'6.2(11d)',
'6.2(11e)',
'6.2(13)',
'6.2(13a)',
'6.2(13b)',
'6.2(15)',
'6.2(17)',
'6.2(19)',
'6.2(21)',
'6.2(23)',
'6.2(20a)',
'7.0(3)F3(1)',
'7.0(3)F3(2)',
'7.0(3)F3(3)',
'7.0(3)F3(3a)',
'7.0(3)F3(4)',
'7.0(3)F3(3c)',
'7.0(3)F3(3b)',
'7.0(3)I4(1)',
'7.0(3)I4(2)',
'7.0(3)I4(3)',
'7.0(3)I4(4)',
'7.0(3)I4(5)',
'7.0(3)I4(6)',
'7.0(3)I4(7)',
'7.0(3)I4(8)',
'7.0(3)I4(8a)',
'7.0(3)I4(8b)',
'7.0(3)I4(8z)',
'7.0(3)I7(1)',
'7.0(3)I7(2)',
'7.0(3)I7(3)',
'8.1(1)',
'8.1(1a)'
);
reporting = make_array(
'port' , 0,
'severity' , SECURITY_HOLE,
'version' , product_info.version,
'bug_id' , cbi,
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list
);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1775
www.nessus.org/u?217a964d
bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75895
bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75909
bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75968
bst.cloudapps.cisco.com/bugsearch/bug/CSCvh75976
bst.cloudapps.cisco.com/bugsearch/bug/CSCvi92256
bst.cloudapps.cisco.com/bugsearch/bug/CSCvi92258
bst.cloudapps.cisco.com/bugsearch/bug/CSCvi92260
bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99195
bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99197
bst.cloudapps.cisco.com/bugsearch/bug/CSCvi99198
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
5.2%