nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2023-20115.NASL
HistorySep 19, 2023 - 12:00 a.m.

Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access (CVE-2023-20115)

2023-09-1900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
cisco nexus
sftp server
vulnerability
remote attacker
file overwrite
operating system
authentication

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.9%

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Metadata registration branch. When the engine evaluates the plugin with
# `description` set, only this block runs: it registers the plugin's identity,
# risk scoring, affected-product hints and scheduling requirements, then exits
# before any detection logic is reached.
if (description)
{
  script_id(501658);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/20");

  script_cve_id("CVE-2023-20115");

  script_name(english:"Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access (CVE-2023-20115)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # The description conditions the issue on three things: Nexus 3000/9000
  # hardware, standalone NX-OS mode, and an SFTP connection being accepted from
  # a valid non-administrator account.
  script_set_attribute(attribute:"description", value:
"A vulnerability in the SFTP server implementation for Cisco Nexus 3000
Series Switches and 9000 Series Switches in standalone NX-OS mode
could allow an authenticated, remote attacker to download or overwrite
files from the underlying operating system of an affected device. This
vulnerability is due to a logic error when verifying the user role
when an SFTP connection is opened to an affected device. An attacker
could exploit this vulnerability by connecting and authenticating via
SFTP as a valid, non-administrator user. A successful exploit could
allow the attacker to read or overwrite files from the underlying
operating system with the privileges of the authenticated user. There
are workarounds that address this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-sftp-xVAp5Hfd
  # NOTE(review): the registered reference is a shortened, plain-http link; the
  # comment above records the vendor advisory it is presumably meant to resolve to.
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bd412dc7");
  # NOTE(review): the solution text defers entirely to the advisory even though
  # the description states that workarounds exist; the fixed release or the
  # workaround has to be looked up in the advisory itself.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Scoring: network-reachable, low complexity, requires a valid low-privilege
  # login (Au:S / PR:L), partial/low impact on confidentiality and integrity,
  # none on availability. The temporal vectors mark exploit maturity as
  # unproven (E:U) with an official fix available.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20115");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Affected-release hints, one CPE per NX-OS release. %28 and %29 are
  # percent-encoded parentheses, so "10.1%281%29" reads as NX-OS 10.1(1).
  # These are descriptive attributes; presumably the reported result is driven
  # by the version-range table passed to compare_and_report later in this
  # script rather than by this list.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.1%281%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.1%282%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.1%282t%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%281%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%281q%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%282%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%283%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%283t%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%284%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%281%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%282%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%282t%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%282v%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%283%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.2%284%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%281%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%2810%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%282%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%283%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%284%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%285%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%286%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%287%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%287a%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%288%29");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%289%29");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Registered in the information-gathering category and the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: runs after the Tenable.ot API integration plugin, and only when
  # the KB key "Tenable.ot/Cisco" is present.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  # Leave before the detection code that follows this block.
  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Stop here unless the KB holds the 'Tenable.ot/Cisco' key.
get_kb_item_or_exit('Tenable.ot/Cisco');

# Affected NX-OS release ranges. %28 / %29 are percent-encoded parentheses,
# so "9.3%2811%29" reads as 9.3(11). Each key repeats its range's exclusive
# upper bound (presumably the first fixed release of that train):
#    9.2(1) <= version <  9.3(11)
#   10.1(1) <= version < 10.2(5)
# NOTE(review): the table carries only a version range and the "NXOS" family.
# It does not encode the hardware model (Nexus 3000/9000), standalone NX-OS
# mode, or whether the SFTP server is enabled, all of which the plugin
# description names as conditions. Unless the helper checks them itself, treat
# a finding as "version in range" and confirm those conditions on the device.
var affected_ranges = {
    "cpe:/o:cisco:nx-os:9.3%2811%29" :
        {"family" : "NXOS", "versionStartIncluding" : "9.2%281%29", "versionEndExcluding" : "9.3%2811%29"},
    "cpe:/o:cisco:nx-os:10.2%285%29" :
        {"family" : "NXOS", "versionStartIncluding" : "10.1%281%29", "versionEndExcluding" : "10.2%285%29"},
};

# Cisco asset record as supplied by the Tenable.ot helper library.
var cisco_asset = tenable_ot::assets::get(vendor:'Cisco');

# Hand the asset and the ranges to the shared comparison helper, which reports
# at SECURITY_WARNING severity.
tenable_ot::cve::compare_and_report(asset:cisco_asset, cpes:affected_ranges, severity:SECURITY_WARNING);

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.9%
