Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.CISCO-SA-20130626-ESA.NASL
HistoryJul 26, 2013 - 12:00 a.m.

Multiple Vulnerabilities in Cisco Email Security Appliance (cisco-sa-20130626-esa)

2013-07-2600:00:00
This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
www.tenable.com
11

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.8%

JSON

According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by multiple vulnerabilities :

  • An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384)

  • A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive.
    (CVE-2013-3385)

  • A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69076);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:20");

  script_cve_id("CVE-2013-3384", "CVE-2013-3385", "CVE-2013-3386");
  script_bugtraq_id(60805, 60806, 60807);
  script_xref(name:"CISCO-BUG-ID", value:"CSCzv25573");
  script_xref(name:"CISCO-BUG-ID", value:"CSCzv44633");
  script_xref(name:"CISCO-BUG-ID", value:"CSCzv63329");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20130626-esa");

  script_name(english:"Multiple Vulnerabilities in Cisco Email Security Appliance (cisco-sa-20130626-esa)");
  script_summary(english:"Checks ESA version");

  script_set_attribute(attribute:"synopsis", value:
"The remote security appliance is missing a vendor-supplied security
patch.");
  script_set_attribute(
    attribute:"description",
    value:
"According to its self-reported version, the Cisco AsyncOS running on
the remote Cisco Email Security (ESA) appliance is affected by
multiple vulnerabilities :

  - An unspecified vulnerability exists in the web framework
    that could allow a remote, authenticated attacker to
    execute arbitrary commands. (CVE-2013-3384)

  - A denial of service vulnerability exists in the web
    framework that could allow a remote, unauthenticated
    attacker to make the system unresponsive.
    (CVE-2013-3385)

  - A denial of service vulnerability exists in the
    management GUI that could allow a remote,
    unauthenticated attacker to make the system
    unresponsive. (CVE-2013-3386)"
  );
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9e55d4e");
  script_set_attribute(
    attribute:"solution",
    value:
"Apply the relevant update referenced in Cisco Security Advisory
cisco-sa-20130626-esa."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:email_security_appliance");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:email_security_appliance_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

  script_dependencies("cisco_esa_version.nasl");
  script_require_keys("Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion", "Host/AsyncOS/Cisco Email Security Appliance/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

display_ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion');
ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Email Security Appliance/Version');

if (ver =~ "^[0-6]\." || ver =~ "^7\.[01]\.") # 7.1 and prior
  display_fix = '7.1.5-106';
else if (ver =~ "^7\.3\.")
  display_fix = '8.0.0-671';
else if (ver =~ "^7\.5\.")
  display_fix = '7.6.3-019';
else if (ver =~ "^7\.6\.")
  display_fix = '7.6.3-019';
else
  audit(AUDIT_INST_VER_NOT_VULN, 'Cisco ESA', display_ver);

fix = str_replace(string:display_fix, find:'-', replace:'.');

if (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)
  audit(AUDIT_INST_VER_NOT_VULN, 'Cisco ESA', display_ver);

if (report_verbosity > 0)
{
  report =
    '\n  Installed version : ' + display_ver +
    '\n  Fixed version     : ' + display_fix + '\n';
  security_hole(port:0, extra:report);
}
else security_hole(0);
VendorProductVersionCPE
ciscoemail_security_appliancecpe:/h:cisco:email_security_appliance
ciscoemail_security_appliance_firmwarecpe:/o:cisco:email_security_appliance_firmware

Related

nessus 2
securityvulns 1
cisco 3
cvelist 3
nvd 3
seebug 1
prion 3
cve 3
nessus
nessus
Multiple Vulnerabilities in Cisco Content Security Management Appliance (cisco-sa-20130626-sma)
2013-07-26 00:00:00
Multiple Vulnerabilities in Cisco Web Security Appliance (cisco-sa-20130626-wsa)
2013-07-26 00:00:00
securityvulns
securityvulns
Cisco Email Security / Web Security / Content Security multiple security vulnerabilities
2013-07-15 00:00:00
cisco
cisco
Multiple Vulnerabilities in Cisco Email Security Appliance
2013-06-26 16:00:00
Multiple Vulnerabilities in Cisco Content Security Management Appliance
2013-06-26 16:00:00
Multiple Vulnerabilities in Cisco Web Security Appliance
2013-06-26 16:00:00
cvelist
cvelist
CVE-2013-3384
2022-10-03 16:14:45
CVE-2013-3386
2022-10-03 16:14:45
CVE-2013-3385
2022-10-03 16:14:46
nvd
nvd
CVE-2013-3384
2013-06-27 21:55:07
CVE-2013-3386
2013-06-27 21:55:07
CVE-2013-3385
2013-06-27 21:55:07
seebug
seebug
Cisco Web Security Appliance Webζ‘†ζžΆδ»»ζ„ε‘½δ»€ζ‰§θ‘ŒζΌζ΄ž(CVE-2013-3384)
2013-07-02 00:00:00
prion
prion
Design/Logic Flaw
2013-06-27 21:55:00
Design/Logic Flaw
2013-06-27 21:55:00
Code injection
2013-06-27 21:55:00
cve
cve
CVE-2013-3384
2022-10-03 16:14:45
CVE-2013-3385
2022-10-03 16:14:46
CVE-2013-3386
2022-10-03 16:14:45

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.8%

JSON
Related for CISCO-SA-20130626-ESA.NASL
nessus2securityvulns1cisco3cvelist3nvd3seebug1prion3cve3