Cisco Identity Services Engine XSRF (cisco-sa-ise-csrf-y4ZUz5Rj)

2024-08-3000:00:00

www.tenable.com

cisco

identity services engine

xsrf

vulnerability

web-based management

csrf

attack

remote attacker

cve-2024-20486

cisco bids

security advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

JSON

According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site request forgery (XSRF) vulnerability.

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
(CVE-2024-20486)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 877f7b1e549da4e9336706de5ced2fb6dee79e34a08545fb1975d9b5f369c90a61486124218de58c33efcb7532ccd564dea78f17c268243fb66f55c3440dc3f1ca6a3365612db805156e4e4e4e0b17524047daf75c61f6e9f605a735e30c87e7543feae363e9bffbb97153efa92ca6f685d97e0e3b010daab0207e2bae784b44c823eeb7ad9aea0cf20b840db9edc4c550369fdd8e1faf0ecfee0f182622256e8599d01609f34f1f029cb2715e9e4dba164463805d01aedfdff938153810c58319c877b0272b5f265e38b970705df69da54a622ef22eae934145519a2dcce759aebd4ffd7113a72d952c1e127b16dce307d1083ab96a9feef656d6b431fea53f4ad27cd7c620bce4c41fde361e4905479b4c3cf62a3e2c24fda04bf451f278a2bb624a51fb4f0a70fbf784fa1f806009601dbc11a2600c87e13cc01b071e3196c82db9c97eddc9ee8263f120801ea1406b5b9936f8a3a8512bbb525dc3e63da88c811477e61996e3be95d57c35be9ffff8adf25a001336e91ceacbf42b4052c75f18bdd7b7f275075766006cc8ceaa5afed1855b40428d86fdf2ce004bb2c0b6dcba7b0178e91983be49dee1904ac638a6889aa67eeb46f4e1b5bef348cf990770dc2bade4267608e95023a98280ce1829c0da3ede562414b22fd485ade6df0905b977297fa03a6ac19eb362dc5b4a8f64a0641128f7368a90dd873e3878d99c
#TRUST-RSA-SHA256 11808cf63b4b018dec5cc8c7cefac9cc5e1cf1f2046cf6f5b0a5dd2096772889577290c598a92dedcf3a9bc3c8f072fd16f8701a25dd59a899968be7d5e259339149736cb6e726bc3dad3a443add92803023b46c3d70c6b7ce4dcc602698d942363f27570361ddfd7bc18799c9b49116fa136877469bc25e41747be20fa5bcc97156a00d6a8be6ef67a94747f1099aaf094592cf1b56ed7e77e88564b3e81843b651c546545b5f0d0901018d69cb0ac7f9d371cbf17b5157806a0caee1bcbb27f56a4e29bd3e123d99a1f48f5754a0ef5b96cdac1f86663fdf972fec0950cd16598c44b9f37456a36d10d763cab6e170466bb1070ed5b8f46118d79a2ad5f6467b952957a036613ec54ac223b1ce950c931788d5da5834e09e9e7111722a469fbc36f121ef0534ab42fa59597ff327f477d05d909700d3f4c0c5d79a407e9a9576e879276c3699a4a758f5f1c5517d163e472e686c63f5dba013122c95d99136a42d95146d4edd01e6acd30cdb8a02fdf22d0eae302b74b96fb7cee2cac423032153d1900b3e2984c2cbd73345a226a13a656ae9cdaa97df9ff61d4e377cc8110aca51b32131198951ceeeeaff44eb095c188545757adbf27823dbc620def11231e13f8ff96fecd75755bf6e9355057d84c45f951a62395db8fc2d007d3800af0f0e091d9f2e84944da35df917d900c6d1f4502580d45f06543fb32a27f98aa2
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(206352);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");

  script_cve_id("CVE-2024-20486");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwj33460");
  script_xref(name:"CISCO-SA", value:"cisco-sa-ise-csrf-y4ZUz5Rj");
  script_xref(name:"IAVA", value:"2024-A-0414-S");

  script_name(english:"Cisco Identity Services Engine XSRF (cisco-sa-ise-csrf-y4ZUz5Rj)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site request forgery 
(XSRF) vulnerability.

  - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow
    an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform
    arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for
    the web-based management interface of an affected device. An attacker could exploit this vulnerability by
    persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker
    to perform arbitrary actions on the affected device with the privileges of the targeted user.
    (CVE-2024-20486)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-y4ZUz5Rj
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?74a0aeb3");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj33460");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwj33460");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20486");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(352);

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version");

  exit(0);
}

include('ccf.inc');
include('cisco_ise_func.inc');

var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');

var vuln_ranges = [
  {'min_ver':'0.0', 'fix_ver':'3.1.0.518', required_patch:'9'},
  {'min_ver':'3.2', 'fix_ver':'3.2.0.542', required_patch:'7'},
  {'min_ver':'3.3', 'fix_ver':'3.3.0.430', required_patch:'3'},
];

var required_patch = get_required_patch(vuln_ranges:vuln_ranges, version:product_info['version']);  

var reporting = make_array(
  'port'          , 0,
  'severity'      , SECURITY_HOLE,
  'version'       , product_info['version'],
  'flags'         , {'xsrf':TRUE},
  'bug_id'        , 'CSCwj33460',
  'disable_caveat', TRUE
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  required_patch: required_patch
);