Lucene search

K
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-EXPRESSWAY-AUTH-KDFRCZ2J.NASL
HistorySep 11, 2024 - 12:00 a.m.

Cisco Expressway Edge Improper Authorization (cisco-sa-expressway-auth-kdFrcZ2j)

2024-09-1100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
cisco expressway edge
vulnerability
improper authorization
remote attacker
masquerade
inadequate authorization checks
mobile and remote access
mra user
intercept calls
make phone calls
caller id
cve-2024-20497
cisco bids
cisco security advisory

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

According to its self-reported version, Cisco Expressway Edge Improper Authorization is affected by a vulnerability.

  • A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to intercept calls that are destined for a particular phone number or to make phone calls and have that phone number appear on the caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected system. (CVE-2024-20497)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 90822eed4970fb056312904d840afbd502a425ca1a21da00853407c4834c5df3ba0a6a2a536eb4c29ce9e1a7d35bcf1f97b67d26d0236708f5e6faf4968f43561fa054a4aac09eb74a6660b28ffeba3b859d4ae2e6fbacaad5f051335af710e1d2e61d2aa33fee8652b370febe00d36b32a1dbb6d6e4f3399f013819a602abb124d2d14317a8831b42da12b664904fd5f1650b1297aa3f2ba43f8d3c6685c66d9c1738d643ba858afd431d785249425a3edb4751a133d80ee4949b1e626c1ad7ff20a185f3c842cc72d02f74864367f242ffa241175594a91def18c5114d45531753bf42d13e48df5349cc017e67092a80de658326ec0718fa20a915e1cf6f7af27dd39a961c782ddbb835d6343047a44d2707646e3522fa4f9427ed30f38885a408f2f6df6f929e2be028c4b0da5138848ea43a3ff8936eaeb7d6e15c59f487a43a82d5d8dc39d0ff2f01928c3c1d1589d53825c8d26397f2991431d9418068841ef213a516ce3f0e222f24beaca080ba2bf610ffb8d28ac455806392a992a7cdee43c439c410b6102e14ce6d052b47ea4a041661e82931fb90a86a2b28d20698928f0e2537550fa68574541c8ec0f4766387d26a1a1d4713af6c36ded8e91c5f3d9a54694ed9c42329d6f29dde8e92d201f94a1922660eefbd295921dfc898635aec31af37fda7f0e8a47330580c80ac416819ed08ff7e1a5a91f74b3b2851
#TRUST-RSA-SHA256 7bd8197b081f12488eaa97045919d4f8a807cf0f5cc960113874c96ea6eb388bd6876a37e19c0d9381217b7ff7ee0e3f522747fb1d53dc7f56da7edf771b179442fb42118d5fc6c4c2b5ea9fd8c40a806906cd348d0f4a7082b86bb91f1dd535c99a48cd71d3cb7e22fd0c2b67680b9a4acf0daa8044491aecd61f33ff81782601729e61b8b75a68a3520734124a64ee9edb76017776884ad488af882fa3139585f761a091156880a559a3a404c3553c2589d792bf1077151929db26db3036441133b79249a1b62aefdac1deb374efc494a4e0036cef10769c695ffc0817bc3c9803b5e90d3d8981c7a0f71bdf4f2e61405a1783124f240bde77760571538688a727c4b7fa0b90b703bcc991f72de281fabfc884e963d193f32832e66d00df4c22f2baf3d0ee16cfeee7b0799f022ba52a8cb0717e1451a665afc5747fd6fc68c0049e38c5998939ea0f283c9f1ac61f87c3000f106dd6cd2fbe7c7a108eb8dae0af3fab3b8ad71f0eaed436acc242d8b85e54f556d2f406417ae4d68d79c9d0f5a881998f39aa282645ce4d0ab1c860f849a446edfb3633ca7ae572876bc9d7d271b7c8bdab7bc9e090ba8a333d0c01b3ab1807285dc7ed993bd197c6e88ea89d14d3db388f8777cf448be8999098b36928f2ee24a5c933a579177e24309504987a15bf92e98b96720c22bdd87039b1501298cebcbdb8d6532534964fdafb2b
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(206980);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/13");

  script_cve_id("CVE-2024-20497");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwa25058");
  script_xref(name:"CISCO-SA", value:"cisco-sa-expressway-auth-kdFrcZ2j");
  script_xref(name:"IAVA", value:"2024-A-0548");

  script_name(english:"Cisco Expressway Edge Improper Authorization (cisco-sa-expressway-auth-kdFrcZ2j)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Expressway Edge Improper Authorization is affected by a vulnerability.

  - A vulnerability in Cisco Expressway Edge (Expressway-E) could allow an authenticated, remote attacker to
    masquerade as another user on an affected system. This vulnerability is due to inadequate authorization
    checks for Mobile and Remote Access (MRA) users. An attacker could exploit this vulnerability by running a
    series of crafted commands. A successful exploit could allow the attacker to intercept calls that are
    destined for a particular phone number or to make phone calls and have that phone number appear on the
    caller ID. To successfully exploit this vulnerability, the attacker must be an MRA user on an affected
    system. (CVE-2024-20497)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-auth-kdFrcZ2j
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3d8260b9");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa25058");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwa25058");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20497");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(285);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/09/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/11");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:telepresence_video_communication_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:telepresence_video_communication_server_software");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_telepresence_video_communication_server_detect.nbin");
  script_require_keys("Cisco/TelePresence_VCS/Version");

  exit(0);
}

include('ccf.inc');

var product_info = cisco::get_product_info(name:'Cisco TelePresence VCS');

var vuln_ranges = [
  { 'min_ver':'0.0', 'fix_ver' : '15.2' }
];

var reporting = make_array(
  'port'          , 0,
  'severity'      , SECURITY_WARNING,
  'version'       , product_info['version'],
  'bug_id'        , 'CSCwa25058',
  'disable_caveat', TRUE
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges
);

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

High

Related for CISCO-SA-EXPRESSWAY-AUTH-KDFRCZ2J.NASL