Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-COMP3ACL-VGMP6BQ3-IOSXR.NASL
HistoryNov 07, 2023 - 12:00 a.m.

Cisco IOS XR Software Compression ACL Bypass (cisco-sa-comp3acl-vGmp6BQ3)

2023-11-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
cisco
ios xr
software
acl
compression
bypass
vulnerability
access control list
remote attacker
configuration
exploit
workarounds
september 2023
cve-2023-20190
cisco bids
security advisory
scanner

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.6%

JSON

According to its self-reported version, Cisco IOS XR is affected by a vulnerability.

  • A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.
    There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . (CVE-2023-20190)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 990fe70530caa699d67e1f987f4a3b8836e606d02c372f4f9a13ee756aea4b604fe1b6fe412d52e320e9ec19ff1b468348f3076906fecbbf09b61296f4786f753f8cecde55b9ab8c67cd29156aaa217ecac213d2e440579414b1973d356b2072124aab860264693b65c3b7e9ba653664a89afa14b0f4d20702a855e75d8cc3e50e699f16577dfae01b0f0bf1b2314312fa5fc0552e719588d598c7085f0301ee50b56133e8f1fe33d4abc2b03c9477278e3d292d1e7c87dd0cc8e42e68027402b02154f4b14f51ea60ca9077451bb266b9581da8b5cda4be5e70c2c657a3cae5453d441a4e3bbaf36bc709613e3ab646febecd26b8513be6500e04eede71947941bfa43343ca99b724b23dadccf475ad7b915512af36946e3c7ad7b7402d433384ad9132ab756b5d130085289fef17b1e020b6029ee41b7890d53e066e2445ccf5a202b48e52043d2be56a193f8c56cc652aac5c2d3a9cb6c37b615ecbbbf22489ed9d8b4fde3e37256c08cee06c899628f7db94069d759a861e08873ee2792bb5349a226f5f63f8dae8334fa5e76f0dc676f766373b2a2e663214a62ffbe6aaeff3e3f337d98abba841748949f515c693a6047c1b506c91b90fb6825077c89aa118bb987eec541bf90cbe8b1ea5fd70b93eb3f0d7178fc51c5ef9e0cf55bab1d1c3016739a7a1bea7995580b308a6de707edd2aa247b3fbf053c848e6c83153
#TRUST-RSA-SHA256 3dc97343c0c1d2f101eddc893975de9eaa225384643f3bedf9339f2d5b5b2845c53f6db1e02f40bb030a4fed27bd7492accd623c957b4dc9380f5145e07a5e6aba1c6d5e2f6e42dcd7a415093cf6198f6b16e61ca8a49dd2a246452b24dff27264960f0b8ef854475bccf08b4507e64e5aa719e7f93db538808156893542323c886611f7b302e2a9035e708be405d8a4b134a47966241c625c5e20eebe7838c041a19f5466045c2c17a5590e03ca7bb30d76452b796f8aadbc86ca735a607ca01311990992ebb52fed914b64cd57c1586922ee37713210fe5e8b0acf83ff8f2b10ec1ecbb80913e8bc9c8ee6f09a397e9e7490f455f7dfb3de34b0890646e8724578467d5b7fe5f86269808fd5deedfdbdda46bc3982783c163e75f705b3fc42c67740143c1ef0ea308b8da08bc6bd59cbb06d044061cb9cfc2e7a8b9bb42eee1bac601cf04b3f862402148a5ec3e2bbea092bf6131805f33b94ace3fe9cc1f12717f16960595a6ecbcc75b84b7428b8d19ff85d4e0ceab2e030f29f30e980b3c64e4e3a4c0d2a5fe503129c375e8774abc8e8e589578bdacd92d630a5e588cddf9ced2ad11fa1823c71181c531943129487dacf9f3c4595019e2f87fb0feb361284cffade674598a17a90f126e3301e14b359fe509ef4bf05158850564919fa23667f8dc7249d601d94e5ba452786700e07c6a53b4122b0fd1f7a011f1dc5c7
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(185165);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/08");

  script_cve_id("CVE-2023-20190");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwe08950");
  script_xref(name:"CISCO-SA", value:"cisco-sa-comp3acl-vGmp6BQ3");

  script_name(english:"Cisco IOS XR Software Compression ACL Bypass (cisco-sa-comp3acl-vGmp6BQ3)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XR is affected by a vulnerability.

  - A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software
    could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured
    ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in
    the compression module of an ACL that is applied to an interface of an affected device. An attacker could
    exploit this vulnerability by sending traffic through the affected device that should be denied by the
    configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the
    affected device, allowing the attacker to access trusted networks that the device might be protecting.
    There are workarounds that address this vulnerability. This advisory is part of the September 2023 release
    of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories
    and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security
    Advisory Bundled Publication . (CVE-2023-20190)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c94a1e6b");
  # https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75241
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6a0abd7f");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe08950");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwe08950");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20190");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xr_version.nasl");
  script_require_keys("Host/Cisco/IOS-XR/Version");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

var product_info = cisco::get_product_info(name:'Cisco IOS XR');

var vuln_ranges = [
    {'min_ver' : '0.0', 'fix_ver' : '7.3.5'},
    {'min_ver' : '7.4', 'fix_ver' : '7.5.4'},
    {'min_ver' : '7.6', 'fix_ver' : '7.8.2'},
    {'min_ver' : '7.9', 'fix_ver' : '7.9.1'}
];

var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var workaround_params = WORKAROUND_CONFIG['acl_compress_level23'];

var reporting = make_array(
  'port'    , product_info['port'],
  'severity', SECURITY_WARNING,
  'version' , product_info['version'],
  'bug_id'  , 'CSCwe08950',
  'cmds'    , make_list('show running-config')
);

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_ranges:vuln_ranges
);
VendorProductVersionCPE
ciscoios_xrcpe:/o:cisco:ios_xr

Related

nvd 1
cve 1
nessus 1
prion 1
cisco 1
cvelist 1
nvd
nvd
CVE-2023-20190
2023-09-13 17:15:09
cve
cve
CVE-2023-20190
2023-09-13 17:15:09
nessus
nessus
Cisco IOS XR Software Compression ACL Bypass (cisco-sa-comp3acl-vGmp6BQ3)
2023-09-15 00:00:00
prion
prion
Improper access control
2023-09-13 17:15:00
cisco
cisco
Cisco IOS XR Software Compression ACL Bypass Vulnerability
2023-09-13 16:00:00
cvelist
cvelist
CVE-2023-20190
2023-09-13 16:43:32

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.6%

JSON
Related for CISCO-SA-COMP3ACL-VGMP6BQ3-IOSXR.NASL
nvd1cve1nessus1prion1cisco1cvelist1