CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
25.2%
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501657);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/22");
script_cve_id("CVE-2023-20168");
script_name(english:"Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service (CVE-2023-20168)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in TACACS+ and RADIUS remote authentication for Cisco
NX-OS Software could allow an unauthenticated, local attacker to cause
an affected device to unexpectedly reload. This vulnerability is due
to incorrect input validation when processing an authentication
attempt if the directed request option is enabled for TACACS+ or
RADIUS. An attacker could exploit this vulnerability by entering a
crafted string at the login prompt of an affected device. A successful
exploit could allow the attacker to cause the affected device to
unexpectedly reload, resulting in a denial of service (DoS) condition.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?da4d94d6");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20168");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/23");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:10.2%285%29");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os:9.3%2811%29");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:nx-os:9.3%2811%29" :
{"versionEndExcluding" : "9.3%2811%29", "family" : "NXOS"},
"cpe:/o:cisco:nx-os:10.2%285%29" :
{"versionEndExcluding" : "10.2%285%29", "versionStartIncluding" : "10.1%281%29", "family" : "NXOS"},
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);