nessus | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. | CISCO-SA-20170816-APIC1-APPLICATION_POLICY_INFRASTRUCTURE_CONTROLLER.NASL
HistoryAug 25, 2017 - 12:00 a.m.

Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability

2017-08-25 00:00:00
This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.6%

According to its self-reported version, the Cisco Application Policy Infrastructure Controller (APIC) is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration branch: when `description` is set, the script only declares
# its metadata (IDs, references, texts, scoring, dependencies) and exits
# without examining any target. The detection logic follows this block.
if (description)
{
  script_id(102778);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/06");

  # Cross-references that tie a finding to the CVE, the BugTraq entry, the
  # Cisco bug ID and the Cisco security advisory.
  script_cve_id("CVE-2017-6767");
  script_bugtraq_id(100400);
  script_xref(name:"CISCO-BUG-ID", value:"CSCvc34335");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20170816-apic1");

  script_name(english:"Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability");
  script_summary(english:"Checks the Cisco Application Policy Infrastructure Controller (APIC) version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  # The description is generic ("one or more vulnerabilities"); the specific
  # issue is identified only by the plugin name and the references above.
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco Application Policy
Infrastructure Controller (APIC) is affected by one or more
vulnerabilities. Please see the included Cisco BIDs and the Cisco
Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8494a0ae");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc34335");
  # The workarounds in the solution text are configuration conditions (locally
  # configured users; REST API or GUI access without remotely authenticated
  # SSH). The detection code below compares version strings only and does not
  # evaluate them, so a flagged device still needs its authentication setup
  # reviewed before the finding is treated as confirmed.
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCvc34335.
Alternatively, the following workarounds can be performed:
 - A locally configured user on the device is not vulnerable.
 - If the remote connection to the APIC is done via the
   Representational State Transfer (REST) API or GUI, the device is
   not vulnerable. However, if the Launch SSH feature within the
   GUI is used, it could be vulnerable if remote authentication is
   used.");
  # CVSS v2 and v3 base and temporal vectors; the score source is declared as
  # the CVE itself.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6767");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Two CPEs are declared: one for the application, one for the firmware.
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:application_policy_infrastructure_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:application_policy_infrastructure_controller_firmware");
  script_end_attributes();

  # Information-gathering category in the CISCO family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on the APIC version-detection plugin and on the installed-software
  # key; presumably that plugin is what populates the key (confirm against
  # cisco_apic_version.nbin).
  script_dependencies("cisco_apic_version.nbin");
  script_require_keys("installed_sw/Cisco APIC Software");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");
include("cisco_func.inc");

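# Detection logic: compare the APIC version recorded for this host against a
# fixed list of release strings and report a finding on an exact match.
#
# Limits a reader of the result should keep in mind:
#  - The check is version-only. The solution text of this plugin states that
#    locally configured users and REST API/GUI access are not affected, but
#    nothing here inspects how authentication is configured, so a reported
#    host may not actually be exposed.
#  - Matching is by exact string equality. A release string that is not in
#    the list (for example a different patch letter) is audited as not
#    vulnerable, so the result is only as complete as the list.
app = "Cisco APIC Software";

# Stop unless at least one install of the application was recorded.
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:443);

# Exits when the recorded install has no known version.
install = get_single_install(app_name:app, port:port, exit_if_unknown_ver:TRUE);
version = install['version'];

# Release strings flagged by this plugin, kept exactly as shipped.
# NOTE(review): verify the list against advisory cisco-sa-20170816-apic1.
affected_versions = make_list(
  "1.0(1e)",
  "1.0(1h)",
  "1.0(1k)",
  "1.0(1n)",
  "1.0(2j)",
  "1.0(2m)",
  "1.0(3f)",
  "1.0(3i)",
  "1.0(3k)",
  "1.0(3n)",
  "1.0(4h)",
  "1.0(4o)",
  "1.1(1j)",
  "1.1(0.920a)",
  "1.1(3f)",
  "1.3(2f)",
  "1.3(1)",
  "1.3(2)",
  "1.2",
  "1.2.2",
  "1.2(3)",
  "1.2(2)",
  "2.0",
  "2.0(1)"
);

vuln = FALSE;
foreach affected (affected_versions)
{
  if (version == affected)
  {
    vuln = TRUE;
    break;
  }
}

if (vuln)
{
  # No fixed release is computed here; the report points to the advisory.
  report =
  '\n  Installed version : ' + version +
  '\n  Fixed version     : ' + "See advisory" +
  '\n';

  security_report_v4(severity:SECURITY_WARNING, port:port, extra:report);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, app, version);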
Vendor | Product | Version | CPE
cisco | application_policy_infrastructure_controller | | cpe:/a:cisco:application_policy_infrastructure_controller
cisco | application_policy_infrastructure_controller_firmware | | cpe:/o:cisco:application_policy_infrastructure_controller_firmware

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.6%
