Detections
Analytics

Cisco FXOS Software Cisco Discovery Protocol DoS Arbitrary Code Execution (cisco-sa-nxos-cdp-dos-ce-wWvPucC9)

high Nessus Plugin ID 164840

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco FXOS System Software is affected by a vulnerability due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number

Solution

Upgrade to the relevant fixed software as referenced in the vendor advisory

See Also

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb74513

http://www.nessus.org/u?a67afe3a

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74837

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb70210

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb74493

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb74494

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb74495

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb74496

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb74497

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb74498

Plugin Details

Severity: High

ID: 164840

File Name: cisco-sa-nxos-cdp-dos-ce-wWvPucC9_fx.nasl

Version: 1.3

Type: local

Family: CISCO

Published: 9/8/2022

Updated: 3/23/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-20824

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:fxos

Required KB Items: installed_sw/FXOS

Exploit Ease: No known exploits are available

Patch Publication Date: 8/24/2022

Vulnerability Publication Date: 8/24/2022

Reference Information

CVE: CVE-2022-20824