Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-IOSXE-PRIV-ESC1-OKMKFRHV.NASLHistoryJul 06, 2021 - 12:00 a.m.
Cisco IOS XE Software Privilege Escalation Vulnerability (cisco-sa-priv-esc1-OKMKFRhV)
2021-07-0600:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
58
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 08173b1fc186c0c1db6e301c5860142ebe1ed50b06ea08a2578b20195f231dab5569f719c60e4853ecf36b7e1ef753b3e9260bf4bb891334a2993b1e4e63e51bd37cfee6dcd904a7d40713819ada1a40547bf1a040be1d2b3c2c7eac7bc45d079a1084bd8a0b356054580ec398bfa370a4c785545a485aad5e71aed92022efb776f5cb2fbb1f5b76676251625d904e6b58d51f5d7532d4e75092addd683b3aba77389b0da2e18edf11a29f9d132c26344f0d2ad856026dc0df43c944f3257d61bca38ab1dee17aeb5e41e6f1be100b321f312c96830203907567270650b1393710c46181d65042a274e38a78a8984366bdf70259b7c1278c96e79fa4073c87186fddd89476d1efe752c76c9bcec92ac333c36f99540ec24aeef58545cca8e9ead8fbfa61decd7331b2d3b0d7371c6795ef52fd00ed7fd319a6cbb86e8ac2bed10cbdf6dad8eda10024c42407c16b2a77d8d1011963f0bdd32ca6e998d4a5052ea92dff06297c4b0bb8cc370635e7993b1f5ef19645bd3be33680ec475fdf0d86b5e7b26afbefdf2469f69334765b373fe0026a6ed9d21442e43cc7544402665a9f4be265ccd9db219d2731f8c3ae6c2d6f78ff27579b7a2003304dd7c658b179db38847d73a99f1afa94b5df7f08dc6055991065611b90f172902abfd9c6c3e096bc447c0cce310abc5fbef7d106e16d0e4a745b31effaa7804839992db4059c
#TRUST-RSA-SHA256 48ef2681d5087d8aa3d675a2208a1b90ea822e008cf6fbd6358f3bb4bb0ca810d58825a2fb691b7e12224ff2e9e10a98442912047acb5cf252962e570038aad4ab73d505d33f363dd2a6f03bd42857401b9d3e12e78170c0705c48066cfa7dcafbca2697587a05a1ab0ec9a0f8cb3e7e99bf096083f6351b57239d722d2220c51053397d0814ab14e1982e3efbbfb0303a00dde5bd402a517b0ca85bbe7f11788bc2657af6428e81a5ac6711fe68b4817464c893d63b80e71def2dfb8f718e0db9da8cad3e25b08417f9621363a1247120110a7a2b94be573c133b8d2062916e2e5cb7f571cf7a34ff58908d593d9250c495915cd97192e0ee7de78d015a5923f12df56ba28e412318f54477719e1782f5f4dd474ffa3b9aa95e91366a0e9abc2c15ee8f3de5e40a21f01c6fb6f6c3ddb43c630b63755c2fae18845227475d24fa75101fdf551cb3233beee49ee1417f1a4d19ad8b160c5e45ca6ed1c52c03498e0d84bd98a5766a6423e3535c8ebb08235f41a84095064bcec496648e4e95f41a4b21bb87d6388a7ee3d92073ad65b7b7f743c37f227b7190c9c5926ea956271d340808cdc7a0026e7f0fe076a895c273eeebd19deacad6d19124628187e8d2bee3a087090e2db4006a10f1a932419d4ca7aa919e7e46a5bad16c22c6f825ceafa369955b616faf4c0ab55abdbe1d06f7e8c02490b03653f7499fdd7016c430
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151375);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2020-3215");
script_xref(name:"CISCO-BUG-ID", value:"CSCvq20692");
script_xref(name:"CISCO-SA", value:"cisco-sa-priv-esc1-OKMKFRhV");
script_xref(name:"IAVA", value:"2020-A-0239-S");
script_name(english:"Cisco IOS XE Software Privilege Escalation Vulnerability (cisco-sa-priv-esc1-OKMKFRhV)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is affected by a privilege escalation vulnerability in
the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level
privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual
appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc1-OKMKFRhV
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?35677f5f");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq20692");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvq20692");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3215");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/03");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/06");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var version_list = make_list(
"3.8.0S",
"3.8.1S",
"3.8.2S",
"3.9.1S",
"3.9.0S",
"3.9.2S",
"3.9.1aS",
"3.9.0aS",
"3.10.0S",
"3.10.1S",
"3.10.2S",
"3.10.3S",
"3.10.4S",
"3.10.5S",
"3.10.6S",
"3.10.2aS",
"3.10.2tS",
"3.10.7S",
"3.10.8S",
"3.10.8aS",
"3.10.9S",
"3.10.10S",
"3.11.1S",
"3.11.2S",
"3.11.0S",
"3.11.3S",
"3.11.4S",
"3.12.0S",
"3.12.1S",
"3.12.2S",
"3.12.3S",
"3.12.0aS",
"3.12.4S",
"3.13.0S",
"3.13.1S",
"3.13.2S",
"3.13.3S",
"3.13.4S",
"3.13.5S",
"3.13.2aS",
"3.13.0aS",
"3.13.5aS",
"3.13.6S",
"3.13.7S",
"3.13.6aS",
"3.13.6bS",
"3.13.7aS",
"3.13.8S",
"3.13.9S",
"3.13.10S",
"3.14.0S",
"3.14.1S",
"3.14.2S",
"3.14.3S",
"3.14.4S",
"3.15.0S",
"3.15.1S",
"3.15.2S",
"3.15.1cS",
"3.15.3S",
"3.15.4S",
"3.7.0E",
"3.7.1E",
"3.7.2E",
"3.7.3E",
"3.7.4E",
"3.7.5E",
"3.16.0S",
"3.16.1S",
"3.16.0aS",
"3.16.1aS",
"3.16.2S",
"3.16.2aS",
"3.16.0bS",
"3.16.0cS",
"3.16.3S",
"3.16.2bS",
"3.16.3aS",
"3.16.4S",
"3.16.4aS",
"3.16.4bS",
"3.16.4gS",
"3.16.5S",
"3.16.4cS",
"3.16.4dS",
"3.16.4eS",
"3.16.6S",
"3.16.5aS",
"3.16.5bS",
"3.16.7S",
"3.16.6bS",
"3.16.7aS",
"3.16.7bS",
"3.16.8S",
"3.16.9S",
"3.17.0S",
"3.17.1S",
"3.17.2S",
"3.17.1aS",
"3.17.3S",
"3.17.4S",
"16.1.1",
"16.1.2",
"16.1.3",
"16.2.1",
"16.2.2",
"3.8.0E",
"3.8.1E",
"3.8.2E",
"3.8.3E",
"3.8.4E",
"3.8.5E",
"3.8.5aE",
"3.8.6E",
"3.8.7E",
"3.8.8E",
"16.3.1",
"16.3.2",
"16.3.3",
"16.3.1a",
"16.3.4",
"16.3.5",
"16.3.5b",
"16.3.6",
"16.3.7",
"16.3.8",
"16.3.9",
"16.4.1",
"16.4.2",
"16.4.3",
"16.5.1",
"16.5.1a",
"16.5.1b",
"16.5.2",
"16.5.3",
"3.18.0aS",
"3.18.0S",
"3.18.1S",
"3.18.2S",
"3.18.3S",
"3.18.4S",
"3.18.0SP",
"3.18.1SP",
"3.18.1aSP",
"3.18.1gSP",
"3.18.1bSP",
"3.18.1cSP",
"3.18.2SP",
"3.18.1hSP",
"3.18.2aSP",
"3.18.1iSP",
"3.18.3SP",
"3.18.4SP",
"3.18.3aSP",
"3.18.3bSP",
"3.18.5SP",
"3.18.6SP",
"3.9.0E",
"3.9.1E",
"3.9.2E",
"3.9.2bE",
"16.6.1",
"16.6.2",
"16.6.3",
"16.6.4",
"16.6.5",
"16.6.4s",
"16.6.4a",
"16.6.5a",
"16.6.6",
"16.6.5b",
"16.7.1",
"16.7.1a",
"16.7.1b",
"16.7.2",
"16.7.3",
"16.7.4",
"16.8.1",
"16.8.1a",
"16.8.1b",
"16.8.1s",
"16.8.1c",
"16.8.1d",
"16.8.2",
"16.8.1e",
"16.8.3",
"16.9.1",
"16.9.2",
"16.9.1a",
"16.9.1b",
"16.9.1s",
"16.9.1c",
"16.9.1d",
"16.9.3",
"16.9.2a",
"16.9.2s",
"16.9.3h",
"16.9.3s",
"16.9.3a",
"16.10.1",
"16.10.1a",
"16.10.1b",
"16.10.1s",
"16.10.1c",
"16.10.1e",
"16.10.1d",
"16.10.2",
"16.10.1f",
"16.10.1g",
"3.10.0E",
"3.10.1E",
"3.10.0cE",
"3.10.2E",
"3.10.1aE",
"3.10.1sE",
"3.10.3E",
"16.11.1",
"16.11.1a",
"16.11.1b",
"16.11.1s",
"16.11.1c",
"16.12.1y",
"3.11.0E"
);
var reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_HOLE,
'version' , product_info['version'],
'bug_id' , 'CSCvq20692',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list
);
Related
cve
cve
CVE-2020-3215
2020-06-03 18:15:19
cvelist
cvelist
CVE-2020-3215 Cisco IOS XE Software Privilege Escalation Vulnerability
2020-06-03 00:00:00
nvd
nvd
CVE-2020-3215
2020-06-03 18:15:19
prion
prion
Input validation
2020-06-03 18:15:00
cisco
cisco
Cisco IOS XE Software Privilege Escalation Vulnerability
2020-06-03 16:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Related for CISCO-SA-IOSXE-PRIV-ESC1-OKMKFRHV.NASL