6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 94238f1dcda8a45516498a871cd04d23b2668a0cb45068f6cfee900bf5c14d8eb384279a3e0abc4e71bc8560a9c0b84e3748ae8d3790abe1d4e86ddc5de8c646a5981ae01d0aef9ebd273bfe50f96f0b0e424c3b6c5ed8216c6c118a38404f81d19403abb54ae5fbb3bc0753cbe9dc5dfdb062701c96604c9cec6e6ab6d8ed59ee014e42a2084de385c69c801f54dbc6ddacb82a20e4d805a0ffef8b1d35eafa6a46e11ef6339977bb15b8b3c2083cf47b15475b90e3e4d4ce10181b1c02b7f979ce9c94efda22e6593835a64e019cafcc7ea69331c252c389fe89639cec782c167d9e52f27d5bbec91c727b7ed79c22cf29c4188ff3d62eadca49d522fb0c1e2d8f40b78b1710945c946e97dd4e99b500a3386eadeba2834bd204e3f7090f38a09b391e4db9695e04910eb937ca1c9ba3b1fef912388dd75081647d278579b35b19e7e140ad285f7ddedb4a9bcb4bba6763c16821f9f9afb80af2e0d540bb70d10eeab533c5991d518881ce3383bdc54e2ef7c71787ed7f85b3e2b31e52345163741985e647960207f5cfb68b2dc50b22d6425656c514e030a3ad27677fcda206a05bf58d89fda7066fd7508ed64380889698157923bf82ac7217cb963105986ae12ec3ea9bca9f56efacd007450d72070d08fbbabd6a56ef0f9503cd2381cef5c95d43784af2f30b0c2f2a23f775853c7b3e8439c35dbfb1c251d6584da8e0
#TRUST-RSA-SHA256 1d6aa14564b43b89deb310f6a7a6abb807174b856385f7bf2d68d70ff447108f82eb36ec24df9117a8fea8bdcde80e34fca97b717cac96ef17fc9592952f5e7b77e105814421dfc36af866aa140942d46f002530b42ff941b4c63c6b4c3027be456c72bd1c6ebe77016f8329e28fc3c276e74807b3fe2ce100a8c964b3690d1653f73bddd3ee3f59daf18d52c234d24e7a9c774a71b314319e1f207133a9cc419e09157e33f733d547bc833b46af0f8274b26bd6d156b7e8a6e68bdbdc86084b5ec2b620b9ebba881ce635d4bab6da01641e08fa025eb34ab05e245ad30efeea02c3f4420f8a9ec634ddb68e5a8cd0e8d3b32dd9c831a711a058e905ef549d706afe5d55d882e2b9258de7a24f0cda9f6c713f5ca34288f639b76ae8fe9ce63700e71a3567a996694f356efb8e17b29dd8bc46fd8c51137b9d98c0cef1d16512d13e8dffeb371a77ed5ca50e400e32045dc0e1840067497a9ad9025110027eb2b48ad433cfaea3464a74237b624da2dec2942db2ec3b51aa2c12aa39913898a0c6b84380ede15280889682e105af3644528e9df93f10408fa2887c0e99143e6d85e604290171c645b6bfd7c96ecdc743cddeae778d4ad8360fd09a58a8d29378494b606053fdd11b5f7f80dc98bcffa106e03e00ce9b1d5b7eb00d51495480985d944d19f16fed2777e214a61a64e8e0750e6ad6d4513413f83d6a987c4ef787
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(192623);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/05");
script_cve_id("CVE-2024-20306");
script_xref(name:"CISCO-BUG-ID", value:"CSCwh05263");
script_xref(name:"CISCO-SA", value:"cisco-sa-iosxe-utd-cmd-JbL8KvHT");
script_xref(name:"IAVA", value:"2024-A-0188");
script_name(english:"Cisco IOS XE Software Unified Threat Defense Command Injection (cisco-sa-iosxe-utd-cmd-JbL8KvHT)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.
- A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow
an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating
system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability
by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker
to execute arbitrary commands as root on the underlying operating system. (CVE-2024-20306)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-utd-cmd-JbL8KvHT
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?30f38edf");
# https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1da659d");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh05263");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwh05263");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20306");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(233);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('ccf.inc');
var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
var version_list=make_list(
'17.10.1',
'17.10.1a',
'17.10.1b',
'17.11.1',
'17.11.1a',
'17.11.99SW',
'17.12.1',
'17.12.1a',
'17.12.1w'
);
var reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCwh05263',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_versions:version_list
);
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%