Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-CEM-CSRF-SUCMNJFR.NASL
HistoryApr 09, 2024 - 12:00 a.m.

Cisco Emergency Responder Multiple Vulnerabilities (cisco-sa-cem-csrf-suCmNjFr)

2024-04-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
cisco emergency responder
directory traversal
csrf
vulnerability
web ui
remote attacker
authenticated
unauthenticated

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

According to its self-reported version, Cisco Emergency Responder is affected by multiple vulnerabilities.

  • A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system.
    (CVE-2024-20352)

  • A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting users from the device. (CVE-2024-20347)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 105c497a55524b6f6b24e0e2e11a769dca70c94a116a59cac768033429a6f48f210cec5234636254440399181a194d50de5a7b432afc81824220108361f08516a15854f585cf4bc4bfa13d85e83641124d54a32b67f56d9fce12ceacc96f29edb3d20f4638d83e1fd4f704019c09351430b7051bec5a254e5f439070dbd7c1b37a362f7ab093871c8473a0e1aab55b0beddc91daef37414df426241bfc43dd49b792b2695f6b66a4efc6ab1dfbf4885d351857ee114b4286363e883a75dafc28ac65f6259ff3e71afbc2be725229bc9e6c1f38e8d63ad235b31a67f267735ce20a472dbbbb69c12960faa697081500e5ddd843b3ca5294bda4e8d5c218980ab371ac73e5d218a42d4dbeeb87a37109666b6e2bdc97557919938e2f81e6193e179b104b7178ef342c1f393372bd0715f17af284b81caa2ecf4d7e361f43c15808cf5beb2d88a49b972ad3bb0fd8c31d581878f38dbe8af4a722e092296b166f7e852d1f6fe0ef18438f42664e728dca42b0d5f962504b1af7147372c459977796ae4d08fb68df21c1d44aa0a0d04790990f6d744f454a96b8b0ff44faa5963ed25654cce3d16f157eae1e4c29243953c3d2362521449a8dc04143a59ec69b4c5b54309e1a20b98f042d14a43a34c1dea561245b86fc8c6bb15feb2538007e04cba9b011e7055b3c3aab3535822fafd7446a01ae4083f392e9eeb22d32b99f11a9
#TRUST-RSA-SHA256 049632042bf3ad11e06df85fbb5280db6d382a4ace79f4ccf7ee3a524583e846f01da33b11c62c3a303a5da9e4ae72d62d6e18e97a163ce6b7b1f88d7a94d996308925e9796b064d0c73580adc2b63e3551ad5480eb48d00fcf227f82012229615f84d9dd293d39067c9e52ccb4d646aeb15ceadffd06c4be7edee5d467b66b3a57d512d5ba18c58ad7efe3d83c6796b78fc4d4a706a9165eb7bce0a80eaa5038f0ca2e94fee1a7c6d2fec9bf064fe7b8cd7adf8378744ea620ccc42c13974b1dac3b3784571ac4de626dd82a142da01a1f1c211a21b34f156e2ef1324fc39340df510e2eab972eea4f6d672a18895d4e6c1bd2bba72f11a270bbdf946fd71d48f0de4e33911fb90c6921bc948f0d687e318beff9721ff9b4c291ddf02b58f71c9b364bf27fb5239b7a0a25255663a08ae8c152a4e37e2e827f7317ea9badd52f931199be5f20d7d7637f553a1d9486256b27a3a56df3cb2877563508dec3e174deebb54fe8de645aafffab72ec0393c6aeeac71782e5920ae74bccd91276b82d8b8092baad1cc69bec8f99d03416ea1f9f02d93d0c6bc3936d0b4a28cbba00c71ecd559f476edd45d39e94bb7cdbaa960bd00b622e185afafec36c8eba009473ab887f279165f31c4dc7a5899595ccc3d40233c88562572235050ec035905b184e41dbe4c027d21f70da4b0fb82822f5c56aa194f63c3a1952afb6daf8c2d3d
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193039);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/09");

  script_cve_id("CVE-2024-20347", "CVE-2024-20352");
  script_xref(name:"IAVA", value:"2024-A-0197");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwf41263");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwf41347");
  script_xref(name:"CISCO-SA", value:"cisco-sa-cem-csrf-suCmNjFr");

  script_name(english:"Cisco Emergency Responder Multiple Vulnerabilities (cisco-sa-cem-csrf-suCmNjFr)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Emergency Responder is affected by multiple vulnerabilities.

  - A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a
    directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected
    device. This vulnerability is due to insufficient protections for the web UI of an affected system. An
    attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit
    could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such
    as accessing password or log files or uploading and deleting existing files from the system.
    (CVE-2024-20352)

  - A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a
    CSRF attack, which could allow the attacker to perform arbitrary actions on an affected device. This
    vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could
    exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow
    the attacker to perform arbitrary actions with the privilege level of the affected user, such as deleting
    users from the device. (CVE-2024-20347)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cem-csrf-suCmNjFr
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d4bc131");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf41263");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf41347");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwf41263, CSCwf41347");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20352");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(23, 352);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/09");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:emergency_responder");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");


  exit(0);
}

include('vcf_extras.inc');

var app_info = vcf::get_app_info(app:'Cisco Emergency Responder (CER)');

var constraints = [
  # https://software.cisco.com/download/home/286322260/type/282074227/release/12.5(1)SU8
  {'fixed_version': '12.5.1.27900.8'},
  # 14SU4 to be released in 05/2024, fixed ver used here is 14SU3a incremented by .1
  # https://software.cisco.com/download/home/286328120/type/282074227/release/14SU3a
  {'min_version': '14.0', 'fixed_version': '14.0.1.13901.2'}
];

vcf::cisco_cer::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
ciscoemergency_respondercpe:/a:cisco:emergency_responder

Related

cisco 1
cve 2
cvelist 2
nvd 2
cisco
cisco
Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities
2024-04-03 16:00:00
cve
cve
CVE-2024-20347
2024-04-03 17:15:49
CVE-2024-20352
2024-04-03 17:15:49
cvelist
cvelist
CVE-2024-20347
2024-04-03 16:27:10
CVE-2024-20352
2024-04-03 16:27:20
nvd
nvd
CVE-2024-20347
2024-04-03 17:15:49
CVE-2024-20352
2024-04-03 17:15:49

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for CISCO-SA-CEM-CSRF-SUCMNJFR.NASL
cisco1cve2cvelist2nvd2