CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
53.0%
According to its version and configuration, the Cisco Firepower Threat Defense (FTD) software installed on the remote device is affected by an arbitrary log entry injection vulnerability in the Firepower Device Manager (FDM) due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request to the web UI, to add arbitrary entires and false alarms to the audit log.
#TRUSTED ab9300e783b5b0deca66796369fbe293f083af6894e5923d8ef310940e4dde7c81780576ed20b308c1122a6a4ae5ce680aeaf71cf9bc4c6287f1c218bebfaa9a0422a1e6370e5e9e8147423a2ea960c020de69bd11b17f5c133d7da36d33069967de146463a9dcc1ed3c5abe2f1a18068d63f3429eb91d8ca868c9c4c6d9a6f0971a1328a3fadf45725c08421afff95d419fd6f7ff6fd4f0cefe388d84d6c7eb03a48f421336749976e07c97cf2ae1c9e425bbe8ff44074a58b1785d6599bad99cdcc50cb1d425de651a8c8ac255c55b80cf1314a3b9419c1ff3a5c801ed480086bbf2bb34432832a672d625c8263d2cbdbc448b6a19253852d2b84e30cd31d24d3c82bb23b2b19bb7172863fc8e72e5575a00497d2a9f9118166b0ae6910d1890626205593aaf435339171aded375b655bd0629c07934a3788f653d2ec7782955cf88311a617267e4a9640b56079aa961e315e73e17627d05e9f92865f11655a96f04ee4f0fb84ed2ffe10535d2475c47b3581f2a0f9c4d06123a923c52ecbd42799460a72cb877dda8702bc824eb8d794030e161975bde51e25424367bd8b54de73e4d0048889c1f80d0eb836840e6e631a948a475768a08e75459cca5f41b27296e94f8c9a7ec36b3c0c9b57aafb526056ad739bd7240f5a4de09f3af94aa9cd79f1fb06541cd8062a6242b2b6fc580b4390d5ec8bf659a11a9c98e6c7b25
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(99400);
script_version("1.8");
script_cvs_date("Date: 2019/11/13");
script_cve_id("CVE-2017-3822");
script_bugtraq_id(95944);
script_xref(name:"CISCO-BUG-ID", value:"CSCvb86860");
script_xref(name:"IAVB", value:"2017-B-0019");
script_xref(name:"CISCO-SA", value:"cisco-sa-20170201-fpw2");
script_name(english:"Cisco Firepower Threat Defense Device Manager Web UI Request Handling Arbitrary Log Entry Injection (cisco-sa-20170201-fpw2)");
script_summary(english:"Checks the version of Cisco Firepower System.");
script_set_attribute(attribute:"synopsis", value:
"The packet inspection software installed on the remote host is
affected by an arbitrary log entry injection vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its version and configuration, the Cisco Firepower Threat
Defense (FTD) software installed on the remote device is affected by
an arbitrary log entry injection vulnerability in the Firepower Device
Manager (FDM) due to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this, via a specially
crafted request to the web UI, to add arbitrary entires and false
alarms to the audit log.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e8709094");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvb86860.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/01");
script_set_attribute(attribute:"patch_publication_date", value:"2017/02/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/14");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:firepower_threat_defense");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
script_require_keys("Host/Cisco/ASA", "Host/Cisco/ASA/model", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("cisco_func.inc");
include("cisco_kb_cmd_func.inc");
include("obj.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
show_ver = get_kb_item_or_exit('Host/Cisco/show_ver');
model = get_kb_item_or_exit('Host/Cisco/ASA/model');
# Affected Models:
# 5506-X
# 5506W-X
# 5506H-X
# 5508-X
# 5512-X
# 5515-X
# 5516-X
# 5525-X
# 5545-X
# 5555-X
if (
model !~ '^5506[WH]?-X' &&
model !~ '^5508-X' &&
model !~ '^551[256]-X' &&
model !~ '^5525-X' &&
model !~ '^5545-X' &&
model !~ '^5555-X'
) audit(AUDIT_HOST_NOT, "an affect Cisco ASA product model");
flag = 0;
override = 0;
fdm_ver = pregmatch(string:show_ver, pattern:"\s*Model\s*:\s+Cisco.*Threat\s+Defense.*Version\s+([0-9.]+)");
if (isnull(fdm_ver)) audit(AUDIT_HOST_NOT, "affected");
if (fdm_ver[1] =~ "^6\.1\.")
flag= 1;
cmds = make_list();
if (get_kb_item("Host/local_checks_enabled"))
{
if (flag)
{
flag = 0;
buf = cisco_command_kb_item("Host/Cisco/Config/show_managers", "show managers");
if (check_cisco_result(buf))
{
# Vulnerable if managed locally
if (preg(pattern:"^\s*Managed locally", multiline:TRUE, string:buf))
{
flag = 1;
cmds = make_list(cmds, "show managers");
}
} else if (cisco_needs_enable(buf)) { flag = 1; override = 1; }
}
}
if (flag)
{
security_report_cisco(
port : 0,
severity : SECURITY_WARNING,
override : override,
version : fdm_ver[1],
bug_id : "CSCvb86860",
cmds : cmds
);
} else audit(AUDIT_HOST_NOT, "affected");
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
53.0%