Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability

2019-04-26T00:00:00
ID CISCO-SA-20190417-ASR9K-EXR.NASL
Type nessus
Reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-12-02T00:00:00

Description

According to its self-reported version, Cisco ASR 9000 Series Aggregation Services Routers are affected by the following vulnerability :

  • A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.The vulnerability is due to incorrect isolation of the secondary management interface from internal sysadmin applications. An attacker could exploit this vulnerability by connecting to one of the listening internal applications. A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device. (CVE-2019-1710)

A workaround exists for this vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information.

                                        
                                            #TRUSTED 97bb95b840798a8d19a5ec8ac36f0c9d40e3117a3d151a277c2af704d3b6f9c05fe6786a377941139a36ef560b35a3a0af202ed49fd80fac5798657bc7b809ccd936052bc13f9d63263ac19ed888015c3715b7094e638e4ce5aa1efe9755009ec79e1f763c94eee4a9fd3eb3cef719a54c3c0fe309cfe61647c9604363e0b6e1e212c74e64d24038c3f61c8684b598fcdd08ebb15ab3c93a711c9dfd25a17b7e0bdaf05956f0069a83765970119cd1a11d352bea3e5228fb57f5937fe2462f1b74b5bb4bf27cc71ab6566396aec489418557595bb8068cb4a6aafe37eb7ff01ad6942b23cec56dfe89c1a6db5463bcb121eedb511e0a18d5a1331b5a368cf8edb9b104920688fff485a18af20886ad492d2b16d4d047c4cb40351d450d3717bc6ed26a24fba1727dba8a10b74d36f0fd0be118798bc8931b33f4a0bf5bf88481a309d902c4e834860e1c3c0c25d74b64bcb6a19fe5efc645c6fc3e3b24767a591286375559357ad1f7970435d6cfedc8673ca85b329e491b0d6dac0fa0da391999bd9757e44d08a7e3ebfec901d02982d391e80369ac9bd8f5b88fc7f24cc48e163c69084427e23d49ca620605a1be5639b673fc4d329b6ba8dc200b1e3ef8e7c75806490b5ac1fbf6934002cbe76b4d09d779d056a2dd04a42bc28a1bad9e2ea34fc04947ee23a42471ea127a23c06be56721c366185d9e26fae669b8b31019
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124325);
  script_version("1.5");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2019-1710");
  script_bugtraq_id(108007);
  script_xref(name:"CWE", value:"CWE-20");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvn56004");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190417-asr9k-exr");

  script_name(english:"Cisco IOS XR 64-Bit Software for Cisco ASR 9000 Series Aggregation Services Routers Network Isolation Vulnerability");
  script_summary(english:"Checks the version of Cisco ASR 9000 Series Aggregation Services Routers");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco ASR 9000 Series
Aggregation Services Routers are affected by the following vulnerability :

  - A vulnerability in the sysadmin virtual machine (VM) on
    Cisco ASR 9000 Series Aggregation Services Routers
    running Cisco IOS XR 64-bit Software could allow an
    unauthenticated, remote attacker to access internal
    applications running on the sysadmin VM.The
    vulnerability is due to incorrect isolation of the
    secondary management interface from internal sysadmin
    applications. An attacker could exploit this
    vulnerability by connecting to one of the listening
    internal applications. A successful exploit could result
    in unstable conditions, including both a denial of
    service and remote unauthenticated access to the device.
    (CVE-2019-1710)

A workaround exists for this vulnerability. Please see the included
Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?04bb980d");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn56004");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version or apply the workaround
referenced in advisory cisco-sa-20190417-asr9k-exr");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1710");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");


  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:asr_9000_series_aggregation_services_routers");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version", "Host/Cisco/IOS-XR/Model", "Settings/ParanoidReport");

  exit(0);
}

include("global_settings.inc");
include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

product_info = cisco::get_product_info(name:'Cisco IOS XR');

if (product_info.model !~ "^9[09]\d\dv?")
  audit(AUDIT_DEVICE_NOT_VULN, 'The ' + product_info.model + ' model');

vuln_ranges =
  [ {'min_ver':'6', 'fix_ver':'6.5.3'},
    {'min_ver':'7', 'fix_ver':'7.0.1'}
  ];


workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();


reporting = make_array(
'port'     , 0,
'severity' , SECURITY_HOLE,
'version'  , product_info['version'],
'bug_id'   , 'CSCvn56004'
);

cisco::check_and_report(
    product_info:product_info,
    workarounds:workarounds,
    workaround_params:workaround_params,
    reporting:reporting,
    vuln_ranges:vuln_ranges
  );