Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot (CVE-2019-1589)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501242);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2019-1589");

  script_name(english:"Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot (CVE-2019-1589)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the Trusted Platform Module (TPM) functionality of
software for Cisco Nexus 9000 Series Fabric Switches in Application
Centric Infrastructure (ACI) mode could allow an unauthenticated,
local attacker with physical access to view sensitive information on
an affected device. The vulnerability is due to a lack of proper data-
protection mechanisms for disk encryption keys that are used within
the partitions on an affected device hard drive. An attacker could
exploit this vulnerability by obtaining physical access to the
affected device to view certain cleartext keys. A successful exploit
could allow the attacker to execute a custom boot process or conduct
further attacks on an affected device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/108175");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-unmeasured-boot
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7eb89c27");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1589");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(311);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:8.3%280%29sk%280.39%29");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:8.3%280%29sk%280.39%29" :
        {"versionEndIncluding" : "8.3%280%29sk%280.39%29", "versionStartIncluding" : "8.3%280%29sk%280.39%29", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_NOTE);