Cisco IOS XE Software Static Credential Vulnerability

2018-03-29T00:00:00
ID CISCO-SA-20180328-XESC.NASL
Type nessus
Reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-09-02T00:00:00

Description

According to its self-reported version, the IOS XE is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.

                                        
                                            #TRUSTED 78c6edb636c6ef7f3d40b951e45c3f7c63e1d90d5e716d35f9626fbf8a34280865ad5289c624ffb98b4e3f90e6176c2e63a1e007d248da40b3bc0f33289b9c8c8cf85765d4c2f8ae654014d87eeabc009110ae35b8f33d9cfe2b0a80a26e327be7a46a9b5f8bbe16ca09b5ce3992e9168579c9d70dea8e15900cc163e17f1facd6f85d97bfc87b4381e9494002c2798c25ca9078840fe7d71848514062191b31644cc267cff481bf85c26013166cf9d63404cbe824ca75f0eeed20d927e80e673b33856117d207294dd236f98442f12be0454849652e70b7589d0535118985399f52ccca988f349f23e699b49f789c981cfa333640c7c3bf16a77aea0a4c60456c65375105afa32a0568111ba9cd219ec7f2f74c779b4306f11879dc94d56c86fcad74db0432cd9e0b23789983a20c1653b949308b8f0b58d60b7e47d384d896f801dd37e323751d83ee97d4ff0a92d8da4045190853464c662c41c3dec36d331b1184e923f169e03e47f4aa7b9ed36cdf375fc6d6184b516ddbb8e6bdd3bdd5054e0d22314bec2c731f8e203a7b3ce64ed25c8ed29df14cc1f4bd5f771ca698666e2de1beeb7bba9261009b7ed937c3a9b81a0511f135813640b3c53fee4ff4282a562cc9f159da89fcb479fc0716e5ab1883b57fd07c88990e4e348a35f59e73c8d6cefcff688c046f1945694128c98ff62d0137cd04d8b0260adb0d144405
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108724);
  script_version("1.8");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2018-0150");
  script_bugtraq_id(103539);
  script_xref(name:"CISCO-BUG-ID", value:"CSCve89880");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20180328-xesc");

  script_name(english:"Cisco IOS XE Software Static Credential Vulnerability");
  script_summary(english:"Checks the IOS XE version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IOS XE is affected
by one or more vulnerabilities. Please see the included Cisco BIDs
and the Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69286111");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve89880");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)
CSCve89880.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0150");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");

product_info = cisco::get_product_info(name:"Cisco IOS XE Software");

version_list = make_list(
  "16.5.1",
  "16.5.1a",
  "16.5.1b"
  );

workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , "CSCve89880"
);

cisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);