Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-CUCM-PRIV-ESC-D8BKY5EG_CER.NASLHistorySep 06, 2023 - 12:00 a.m.
Cisco Emergency Responder Privilege Escalation (cisco-sa-cucm-priv-esc-D8Bky5eg)
2023-09-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
cisco emergency responder
privilege escalation
security patch
vulnerability
administrator privileges
nessus scanner
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
28.7%
The version of Cisco Emergency Responder installed on the remote host is 12.5(1)SU4, 12.5(1)SU8a or 14SU3 and missing a security patch. It is, therefore, affected by a privilege escalation vulnerability due to the lack of restrictions on files that are used for upgrades. An attacker with administrator privileges can create a specially crafted update file to elevate their privileges to root.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(180548);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/25");
script_cve_id("CVE-2023-20266");
script_xref(name:"CISCO-BUG-ID", value:"CSCwh30442");
script_xref(name:"CISCO-SA", value:"cisco-sa-cucm-priv-esc-D8Bky5eg");
script_xref(name:"IAVA", value:"2023-A-0455");
script_name(english:"Cisco Emergency Responder Privilege Escalation (cisco-sa-cucm-priv-esc-D8Bky5eg)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"The version of Cisco Emergency Responder installed on the remote host is 12.5(1)SU4, 12.5(1)SU8a or 14SU3 and missing
a security patch. It is, therefore, affected by a privilege escalation vulnerability due to the lack of restrictions
on files that are used for upgrades. An attacker with administrator privileges can create a specially crafted update
file to elevate their privileges to root.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2cf92b43");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh30442");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwh30442");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-20266");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/30");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:emergency_responder");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_voss_emergency_responder_installed.nbin");
script_require_keys("installed_sw/Cisco Emergency Responder (CER)");
exit(0);
}
include('vcf_extras.inc');
var app_info = vcf::get_app_info(app:'Cisco Emergency Responder (CER)');
var constraints = [
# https://software.cisco.com/download/home/286322260/type/282074227/release/12.5(1)SU4
{ 'equal':'12.5.1.23900.19', 'required_cop':'ADD_SIGNED_FILTER.k4.cop', 'fixed_display': '12.5(1)SU5 or patch ciscocm.ADD_SIGNED_FILTER.k4.cop, Bug ID: CSCwh30442' },
# https://software.cisco.com/download/home/286322260/type/282074227/release/12.5(1)SU8a
{ 'equal':'12.5.1.27901.1', 'required_cop': 'ADD_SIGNED_FILTER.k4.cop', 'fixed_display':'12.5(1)SU8b or patch ciscocm.ADD_SIGNED_FILTER.k4.cop, Bug ID: CSCwh30442' },
# https://software.cisco.com/download/home/286328120/type/282074227/release/14SU3
{ 'equal':'14.0.1.13900.34', 'required_cop':'ADD_SIGNED_FILTER.k4.cop', 'fixed_display':'14SU3a or patch ciscocm.ADD_SIGNED_FILTER.k4.cop, Bug ID: CSCwh30442' }
];
vcf::cisco_cer::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | emergency_responder | cpe:/a:cisco:emergency_responder |
Related
nessus
nessus
prion
prion
Design/Logic Flaw
2023-08-30 17:15:00
cisco
cisco
Cisco Unified Communications Products Privilege Escalation Vulnerability
2023-08-30 16:00:00
cvelist
cvelist
CVE-2023-20266
2023-08-30 16:18:42
nvd
nvd
CVE-2023-20266
2023-08-30 17:15:08
cve
cve
CVE-2023-20266
2023-08-30 17:15:08
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
28.7%
Related for CISCO-SA-CUCM-PRIV-ESC-D8BKY5EG_CER.NASL