CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 55.9%

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501240);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/26");

  script_cve_id("CVE-2021-1361");

  script_name(english:"Cisco NX-OS Software Unauthenticated Arbitrary File Actions (CVE-2021-1361)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the implementation of an internal file management
service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000
Series Switches in standalone NX-OS mode that are running Cisco NX-OS
Software could allow an unauthenticated, remote attacker to create,
delete, or overwrite arbitrary files with root privileges on the
device. This vulnerability exists because TCP port 9075 is incorrectly
configured to listen and respond to external connection requests. An
attacker could exploit this vulnerability by sending crafted TCP
packets to an IP address that is configured on a local interface on
TCP port 9075. A successful exploit could allow the attacker to
create, delete, or overwrite arbitrary files, including sensitive
files that are related to the device configuration. For example, the
attacker could add a user account without the device administrator
knowing.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2770321c");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1361");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(552);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%285%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%286%29");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
  "cpe:/o:cisco:nx-os:9.3%285%29" :
    {"versionEndIncluding" : "9.3%285%29", "versionStartIncluding" : "9.3%285%29", "family" : "NXOS"},
  "cpe:/o:cisco:nx-os:9.3%286%29" :
    {"versionEndIncluding" : "9.3%286%29", "versionStartIncluding" : "9.3%286%29", "family" : "NXOS"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
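
The plugin hands its vuln_cpes map to tenable_ot::cve::compare_and_report, whose source is not shown on this page. The Python below is an added example, not Tenable's code, illustrating how such an inclusive version-range match over percent-encoded CPE values can be run against an asset inventory. Only the vuln_cpes values come from the plugin; the range semantics, the ordering in nxos_key and the inventory hostnames are assumptions.

```python
import re
from urllib.parse import unquote

# Values copied from the plugin's vuln_cpes map; CPE 2.2 URIs percent-encode
# the parentheses, so "9.3%285%29" is NX-OS release 9.3(5).
VULN_CPES = {
    "cpe:/o:cisco:nx-os:9.3%285%29": {
        "versionStartIncluding": "9.3%285%29",
        "versionEndIncluding": "9.3%285%29",
    },
    "cpe:/o:cisco:nx-os:9.3%286%29": {
        "versionStartIncluding": "9.3%286%29",
        "versionEndIncluding": "9.3%286%29",
    },
}


def nxos_key(version):
    """Decode and split a release such as '9.3(7a)' into a sortable key.

    Assumed ordering (not taken from the plugin): numeric tokens compare as
    integers and sort before letter tokens at the same position.
    """
    tokens = re.findall(r"\d+|[A-Za-z]+", unquote(version))
    return tuple((0, int(t)) if t.isdigit() else (1, t.lower()) for t in tokens)


def affected_cpe(running_version):
    """Return the decoded CPE whose inclusive range covers the release, else None."""
    key = nxos_key(running_version)
    for cpe, rng in VULN_CPES.items():
        low = nxos_key(rng["versionStartIncluding"])
        high = nxos_key(rng["versionEndIncluding"])
        if low <= key <= high:
            return unquote(cpe)
    return None


def audit(inventory):
    """Map each asset name to its matching CPE, keeping only affected assets."""
    hits = {name: affected_cpe(ver) for name, ver in inventory.items()}
    return {name: cpe for name, cpe in hits.items() if cpe}


# Constructed inventory (hypothetical hostnames and reported releases).
INVENTORY = {"leaf-01": "9.3(5)", "leaf-02": "9.3%286%29", "spine-01": "9.3(7a)"}

if __name__ == "__main__":
    for name, cpe in audit(INVENTORY).items():
        print(f"{name}: matches {cpe} (CVE-2021-1361)")
```

A match on release alone says nothing about whether TCP port 9075 is reachable on a given device; treat the result as a list of assets to check against the vendor advisory.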