Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

2017-10-02T00:00:00
ID CISCO-SA-20170927-PRIVESC-IOS_XE.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-09-02T00:00:00

Description

According to its self-reported version, the Cisco IOS XE Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

                                        
                                            #TRUSTED 4710709d7941e0ffa58b283791ecb66ac545a1e0f0777d9d29df78d1d4b87811e716232bfb7e5ebc9d24a3508ceb5df3bf6f8e63cdf7b85d79fffb6f7749121e1013cae02ab758d5fbbb3ac2086e7fa7f85277a5e68ceed759e74c95f34a2e5aa39c35cf211443814affcc5f7491278552aa289a70819169f2910593ef4d1cd02facfc7503ce8900b0fe1f7eb76f8663533f190f836a09e475caff3a769c6fe7542ab37a6f10d3b8cc13e12b8b76a49b8e0949821d54d5006026a8a66bbfca99d24e51b89b59ec8dabe77d5c558e6f88d3fb2600a723d685aff1f6429e3043cd540197865cad57d4cc01f99a791d44871e8ef46f2adc238582fb546f57d9b9c9fff874c6140380ff3b59816445c07552c3b2774a35e3e3e644dc0210388d7ef1ab2f35f63aa582db0df8ff7cddfcfb918c2b7005a557c58ba6865951156bed15a747aea6a38e6caeff77aa0d5b9052a8fec2e3a0c5b86299a294bf7f4a09e349fad4e1eb9010e4948830cb50d0c3c262ec1be29507a377ab9a8b4d8cacc3b4171bb08a5fdc79196becec395c197d4c086c83056001e730838998e85c9b44f853b92d32f04eebd1bd28da7c47d30314240718e508e4c2cd080cf13437337fcac983df4451744f2ca15b38c31f4640a00b3b7820b0d617688e0b0a9d44c6b95c127a66b7266f1673495143668fe38cab0343477ddcad32af307e8179b55e5d8ccb
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(103566);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id("CVE-2017-12230");
  script_bugtraq_id(101036);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuy83062");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20170927-privesc");

  script_name(english:"Cisco IOS XE Software Web UI Privilege Escalation Vulnerability");
  script_summary(english:"Checks the Cisco IOS XE Software version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco IOS XE Software is affected
by one or more vulnerabilities. Please see the included Cisco BIDs
and the Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1efc8374");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy83062");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCuy83062.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12230");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");


product_info = cisco::get_product_info(name:"Cisco IOS XE Software");

version_list = make_list(
  "16.2.1",
  "Denali-16.3.1"
);

workarounds = make_list(CISCO_WORKAROUNDS['http|transport']);
workaround_params = make_list();


reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , "CSCuy83062",
  'cmds'     , make_list("show running-config | include http|transport")
);

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);