7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
31.6%
According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by an information disclosure vulnerability. The vulnerability affects Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode of Multi-Site that are part of a Multi-Site topology and have the CloudSec encryption feature enabled. Due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature , an unauthenticated, remote attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. Successful exploitation could allow the attacker to read or modify the traffic that is transmitted between the sites.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(178417);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/19");
script_cve_id("CVE-2023-20185");
script_xref(name:"CISCO-BUG-ID", value:"CSCwf02544");
script_xref(name:"CISCO-SA", value:"cisco-sa-aci-cloudsec-enc-Vs5Wn2sX");
script_name(english:"Cisco ACI Multi-Site CloudSec Encryption Information Disclosure (cisco-sa-aci-cloudsec-enc-Vs5Wn2sX)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by an information
disclosure vulnerability. The vulnerability affects Cisco Nexus 9000 Series Fabric Switches in Application Centric
Infrastructure (ACI) mode of Multi-Site that are part of a Multi-Site topology and have the CloudSec encryption
feature enabled. Due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature
, an unauthenticated, remote attacker with an on-path position between the ACI sites could exploit this vulnerability by
intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. Successful
exploitation could allow the attacker to read or modify the traffic that is transmitted between the sites.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?54db6797");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf02544");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwf02544");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20185");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/05");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/18");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_nxos_version.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device", "Host/aci/system/chassis/summary");
exit(0);
}
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco NX-OS Software');
# Nexus 9k
if (('Nexus' >!< product_info.device || product_info.model !~ "(^|[^0-9])9[0-9]{2,3}"))
audit(AUDIT_HOST_NOT, 'an affected model');
# ACI mode
if (empty_or_null(get_kb_list('Host/aci/*')))
audit(AUDIT_HOST_NOT, 'an affected model due to non ACI mode');
# Not checking for Multi-Site + CloudSec config
if (report_paranoia < 2)
audit(AUDIT_POTENTIAL_VULN, 'Cisco NX-OS');
var version_list = make_list(
'14.0(1h)',
'14.0(2c)',
'14.0(3d)',
'14.0(3c)',
'14.1(1i)',
'14.1(1j)',
'14.1(1k)',
'14.1(1l)',
'14.1(2g)',
'14.1(2m)',
'14.1(2o)',
'14.1(2s)',
'14.1(2u)',
'14.1(2w)',
'14.1(2x)',
'14.2(1i)',
'14.2(1j)',
'14.2(1l)',
'14.2(2e)',
'14.2(2f)',
'14.2(2g)',
'14.2(3j)',
'14.2(3l)',
'14.2(3n)',
'14.2(3q)',
'14.2(4i)',
'14.2(4k)',
'14.2(4o)',
'14.2(4p)',
'14.2(5k)',
'14.2(5l)',
'14.2(5n)',
'14.2(6d)',
'14.2(6g)',
'14.2(6h)',
'14.2(6l)',
'14.2(7f)',
'14.2(7l)',
'14.2(6o)',
'14.2(7q)',
'14.2(7r)',
'14.2(7s)',
'14.2(7t)',
'14.2(7u)',
'14.2(7v)',
'14.2(7w)',
'15.0(1k)',
'15.0(1l)',
'15.0(2e)',
'15.0(2h)',
'15.1(1h)',
'15.1(2e)',
'15.1(3e)',
'15.1(4c)',
'15.2(1g)',
'15.2(2e)',
'15.2(2f)',
'15.2(2g)',
'15.2(2h)',
'15.2(3e)',
'15.2(3f)',
'15.2(3g)',
'15.2(4d)',
'15.2(4e)',
'15.2(5c)',
'15.2(5d)',
'15.2(5e)',
'15.2(4f)',
'15.2(6e)',
'15.2(6g)',
'15.2(7f)',
'15.2(7g)',
'15.2(6h)',
'16.0(1g)',
'16.0(1j)',
'16.0(2h)'
);
var reporting = make_array(
'port' , 0,
'severity', SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCwf02544'
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list
);
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
31.6%