CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
16.6%
A vulnerability in the license installation module of a Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. This issue is due to the failure of the ‘install all iso’ command to properly validate user-supplied input.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(78858);
script_version("1.4");
script_cvs_date("Date: 2019/10/29 10:38:39");
script_cve_id("CVE-2013-5556");
script_bugtraq_id(63732);
script_xref(name:"CISCO-BUG-ID", value:"CSCui21340");
script_name(english:"Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (CSCui21340)");
script_summary(english:"Checks the NX-OS version.");
script_set_attribute(attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the license installation module of a Cisco Nexus
1000V could allow an authenticated, local attacker to execute
arbitrary shell commands. This issue is due to the failure of the
'install all iso' command to properly validate user-supplied input.");
# https://tools.cisco.com/security/center/viewAlert.x?alertId=31774
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3366ca1f");
script_set_attribute(attribute:"solution", value:"Apply the patch referenced in Cisco bug ID CSCui21340.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:nexus_1000v");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/14");
script_set_attribute(attribute:"patch_publication_date", value:"2013/11/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
script_family(english:"CISCO");
script_dependencies("cisco_nxos_version.nasl");
script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Device", "Host/Cisco/NX-OS/Model");
exit(0);
}
include("audit.inc");
include("cisco_func.inc");
device = get_kb_item_or_exit("Host/Cisco/NX-OS/Device");
model = get_kb_item_or_exit("Host/Cisco/NX-OS/Model");
version = get_kb_item_or_exit("Host/Cisco/NX-OS/Version");
# Cisco Nexus 1000V models are affected
if (
device != 'Nexus' ||
model !~ '^1[0-9][0-9][0-9][Vv]([^0-9]|$)'
) audit(AUDIT_HOST_NOT, "affected");
fix = NULL;
# Check if vuln version
if (
version == '4.0(4)SV1(1)' ||
version == '4.0(4)SV1(2)' ||
version == '4.0(4)SV1(3)' ||
version == '4.0(4)SV1(3a)' ||
version == '4.0(4)SV1(3b)' ||
version == '4.0(4)SV1(3c)' ||
version == '4.0(4)SV1(3d)'
) fix = "Contact vendor.";
else if (
version == '4.2(1)SV1(4)' ||
version == '4.2(1)SV1(4a)' ||
version == '4.2(1)SV1(4b)' ||
version == '4.2(1)SV1(5.1)' ||
version == '4.2(1)SV1(5.1a)' ||
version == '4.2(1)SV1(5.2)' ||
version == '4.2(1)SV1(5.2b)'
) fix = "Contact vendor.";
else if (
version == '4.2(1)SV2(1.1a)'
) fix = '4.2(1)SV2(2.1a)';
else if (
version == '5.2(1)SM1(5.1)'
) fix = '5.2(1)SM1(5.2)';
else if (
version =='4.2(1)VSG1(1)'
) fix = 'Contact vendor.';
if (!isnull(fix))
{
if (report_verbosity > 0)
{
report =
'\n Cisco bug ID : CSCui21340' +
'\n Model : ' + device + ' ' + model +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_warning(port:0, extra:report);
}
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");