Cisco IOS XE Software Unified Threat Defense Command Injection (cisco-sa-iosxe-utd-cmd-JbL8KvHT)

#TRUSTED 94238f1dcda8a45516498a871cd04d23b2668a0cb45068f6cfee900bf5c14d8eb384279a3e0abc4e71bc8560a9c0b84e3748ae8d3790abe1d4e86ddc5de8c646a5981ae01d0aef9ebd273bfe50f96f0b0e424c3b6c5ed8216c6c118a38404f81d19403abb54ae5fbb3bc0753cbe9dc5dfdb062701c96604c9cec6e6ab6d8ed59ee014e42a2084de385c69c801f54dbc6ddacb82a20e4d805a0ffef8b1d35eafa6a46e11ef6339977bb15b8b3c2083cf47b15475b90e3e4d4ce10181b1c02b7f979ce9c94efda22e6593835a64e019cafcc7ea69331c252c389fe89639cec782c167d9e52f27d5bbec91c727b7ed79c22cf29c4188ff3d62eadca49d522fb0c1e2d8f40b78b1710945c946e97dd4e99b500a3386eadeba2834bd204e3f7090f38a09b391e4db9695e04910eb937ca1c9ba3b1fef912388dd75081647d278579b35b19e7e140ad285f7ddedb4a9bcb4bba6763c16821f9f9afb80af2e0d540bb70d10eeab533c5991d518881ce3383bdc54e2ef7c71787ed7f85b3e2b31e52345163741985e647960207f5cfb68b2dc50b22d6425656c514e030a3ad27677fcda206a05bf58d89fda7066fd7508ed64380889698157923bf82ac7217cb963105986ae12ec3ea9bca9f56efacd007450d72070d08fbbabd6a56ef0f9503cd2381cef5c95d43784af2f30b0c2f2a23f775853c7b3e8439c35dbfb1c251d6584da8e0
#TRUST-RSA-SHA256 1d6aa14564b43b89deb310f6a7a6abb807174b856385f7bf2d68d70ff447108f82eb36ec24df9117a8fea8bdcde80e34fca97b717cac96ef17fc9592952f5e7b77e105814421dfc36af866aa140942d46f002530b42ff941b4c63c6b4c3027be456c72bd1c6ebe77016f8329e28fc3c276e74807b3fe2ce100a8c964b3690d1653f73bddd3ee3f59daf18d52c234d24e7a9c774a71b314319e1f207133a9cc419e09157e33f733d547bc833b46af0f8274b26bd6d156b7e8a6e68bdbdc86084b5ec2b620b9ebba881ce635d4bab6da01641e08fa025eb34ab05e245ad30efeea02c3f4420f8a9ec634ddb68e5a8cd0e8d3b32dd9c831a711a058e905ef549d706afe5d55d882e2b9258de7a24f0cda9f6c713f5ca34288f639b76ae8fe9ce63700e71a3567a996694f356efb8e17b29dd8bc46fd8c51137b9d98c0cef1d16512d13e8dffeb371a77ed5ca50e400e32045dc0e1840067497a9ad9025110027eb2b48ad433cfaea3464a74237b624da2dec2942db2ec3b51aa2c12aa39913898a0c6b84380ede15280889682e105af3644528e9df93f10408fa2887c0e99143e6d85e604290171c645b6bfd7c96ecdc743cddeae778d4ad8360fd09a58a8d29378494b606053fdd11b5f7f80dc98bcffa106e03e00ce9b1d5b7eb00d51495480985d944d19f16fed2777e214a61a64e8e0750e6ad6d4513413f83d6a987c4ef787
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(192623);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/05");

  script_cve_id("CVE-2024-20306");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwh05263");
  script_xref(name:"CISCO-SA", value:"cisco-sa-iosxe-utd-cmd-JbL8KvHT");
  script_xref(name:"IAVA", value:"2024-A-0188");

  script_name(english:"Cisco IOS XE Software Unified Threat Defense Command Injection (cisco-sa-iosxe-utd-cmd-JbL8KvHT)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.

  - A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow
    an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating
    system. To exploit this vulnerability, an attacker must have level 15 privileges on the affected device.
    This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability
    by submitting a crafted CLI command to an affected device. A successful exploit could allow the attacker
    to execute arbitrary commands as root on the underlying operating system. (CVE-2024-20306)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-utd-cmd-JbL8KvHT
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?30f38edf");
  # https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1da659d");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh05263");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwh05263");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20306");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(233);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/27");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version");

  exit(0);
}

include('ccf.inc');

var product_info = cisco::get_product_info(name:'Cisco IOS XE Software');

var version_list=make_list(
  '17.10.1',
  '17.10.1a',
  '17.10.1b',
  '17.11.1',
  '17.11.1a',
  '17.11.99SW',
  '17.12.1',
  '17.12.1a',
  '17.12.1w'
);

var reporting = make_array(
  'port'          , product_info['port'],
  'severity'      , SECURITY_WARNING,
  'version'       , product_info['version'],
  'bug_id'        , 'CSCwh05263',
  'disable_caveat', TRUE
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_versions:version_list
);