Cisco NX-OS Software system login block-for DoS (cisco-sa-nxos-login-blockfor-RwjGVEcu)

medium Nessus Plugin ID 168367

Synopsis

The remote device is missing a vendor-supplied security patch

Description

A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCuz49095, CSCvw45963, CSCvx74585

See Also

http://www.nessus.org/u?2bfc8d32

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74640

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz49095

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw45963

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx74585

Plugin Details

Severity: Medium

ID: 168367

File Name: cisco-sa-nxos-login-blockfor-RwjGVEcu.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 12/2/2022

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-1590

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 8/25/2021

Vulnerability Publication Date: 8/25/2021

Reference Information

CVE: CVE-2021-1590