Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow (CVE-2019-1901)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501405);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2019-1901");

  script_name(english:"Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow (CVE-2019-1901)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem
of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI)
Mode Switch Software could allow an adjacent, unauthenticated attacker
to cause a denial of service (DoS) condition or execute arbitrary code
with root privileges. The vulnerability is due to improper input
validation of certain type, length, value (TLV) fields of the LLDP
frame header. An attacker could exploit this vulnerability by sending
a crafted LLDP packet to the targeted device. A successful exploit may
lead to a buffer overflow condition that could either cause a DoS
condition or allow the attacker to execute arbitrary code with root
privileges. Note: This vulnerability cannot be exploited by transit
traffic through the device; the crafted packet must be targeted to a
directly connected interface. This vulnerability affects Cisco Nexus
9000 Series Fabric Switches in ACI mode if they are running a Cisco
Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f)
or any 14.x release.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dd3ed165");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1901");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(119);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:13");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:14");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:nx-os:13" :
        {"versionEndExcluding" : "13.2%287f%29", "family" : "NXOS"},
    "cpe:/o:cisco:nx-os:14" :
        {"versionEndIncluding" : "14.1%282g%29", "versionStartIncluding" : "14.0%281h%29", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);