Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service (CVE-2017-3883)

high Tenable OT Security Plugin ID 501393

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs:
CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?b71cc502

http://www.securitytracker.com/id/1039614

http://www.securityfocus.com/bid/101493

http://www.nessus.org/u?38892564

Plugin Details

Severity: High

ID: 501393

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 7/25/2023

Updated: 7/26/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2017-3883

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os:2, cpe:/o:cisco:nx-os:2.5, cpe:/o:cisco:nx-os:3.0, cpe:/o:cisco:nx-os:3.1, cpe:/o:cisco:nx-os:3.2, cpe:/o:cisco:nx-os:4, cpe:/o:cisco:nx-os:5, cpe:/o:cisco:nx-os:5.2, cpe:/o:cisco:nx-os:6, cpe:/o:cisco:nx-os:6.1, cpe:/o:cisco:nx-os:6.2, cpe:/o:cisco:nx-os:6.3, cpe:/o:cisco:nx-os:7.0, cpe:/o:cisco:nx-os:7.0%283%29i3%281%29, cpe:/o:cisco:nx-os:7.1%280.1%29, cpe:/o:cisco:nx-os:7.3, cpe:/o:cisco:nx-os:8.1, cpe:/o:cisco:nx-os:8.2

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 10/19/2017

Vulnerability Publication Date: 10/19/2017

Reference Information

CVE: CVE-2017-3883

CWE: 770