CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
According to its self-reported version, Cisco Identity Services Engine Arbitrary File Upload is affected by a vulnerability.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
#TRUSTED 8871b933be5981d80c60c140fbcbbdf5274367e24e166efe64249079760e5eb65382b8d2567a4f47a04d0f36102fcef547c7f3ee5c0fbfa737d50b2977cee4b0e2c77d7807c2bd6d1ab5f720571901c9f10dfd6ea6c152729031db89224ad2a74cc304c30d0dee5a42a5fed5d8c90160900eb44a68d4835a59f20e0ddc4667e30dad4ba46a466b9536e367a30a65d206b4712c5e0603aa82651254f74c8a4efc4216721e2e8fb4b05b28727f104d7591fb22085c830b5b9909ac2e2fb07589ceae63ac43dc68c927af1add0303e8787e72a9c997ac70c164a819aa502acad75ffb4927229cb5f40e4ecc8e1f9b767818a1eda47d65e6eb2492e8b28d7f69550ae63f7be7e6de0444e26314d41d0970d7e0cb4452423d9d3b36437a7db8692473bf9cebe1d4c0f345545e491ffd760a98ac28db34f937a859af4717a4857cba9a395fbee5e0d54e4993a629c1f1e0a6975947ff0cd10706cbb1bbc6e963e3871407d30edb837be66e2a0309b5081948b62940fb65d3eb71e747b44d279dabbd6ed8f366513a8a20d3024a2aeb484027f26ac0b776c1881671fd7e998cf4c4559d188685d2155a838b24b3a02fc530bc98da56e30e0b1644e945eee6df9999e18400e00631a976a81ca4111039b6a27a6bb45d759811c1e7a9a73435728bdfac10e2278e6c67ca5bbc8c934171fb7cce507fb7d68a814e8fb710a629338156dda6
#TRUST-RSA-SHA256 386ad67718d65a08ed73cedc7472ab09acb675a7b847ecda2cbb48ed5eea4b2cd1aaee555bbe516cec7ffa4217d281defa64e6dbf276d1debcac099b8d5a0532497547abc84963b412259e124dc293db1356c1a66e3c4fae1f1e29c1340ae9b8804a2d5f42a6c626cf4b552b4e5e142f2249c50d1d56a634600fc3d8963cf9e6166a70b49f59da9a0b48fb22acfeea223840c6c35ce48e9cfecc92072adc4957aa86a53dfa40ad4edcdb92ac1271c3f45167f7d6615096fd14bc9e1a1b2b129e8e1548533ede6fa8a4a967ee2a1cefb54b8ec5849f310a1d502fd7cac8772cf2098ec069771de7e73de2f004989a163fb3cec92ae5213f0312e3a7c1c4198dbb9b9af36f025492c760e3ad0da3f993c2cb87d9e685da329d456264ad64bc1a4db8e62a8d442fc867cb8ed4235d5984b64625caa5a31b4be2e933a12990a8740a6599e617f35006360c1307123d2b6bbbd7d3d0b4809b89bf5335526489fa4bbef988d076cfa829a7357811fc9f3e748805fc9486a347a899a17cd48924254169543995f702b549280fbe7ac8801affe0bf9abbf49945ddd10583551f7a11453301ab620e3b2a0b9579ce5c991a56aa2895b85b5c000a2944b56bab8e5768f21530170cf55b9f454c720592ac71d5c763f4997b0dee759b2105655936e55fe4fe0e6ae777f207eeaa97ea3ed932662def2fbdd84fda4fbdfa9ed0fe6db94046d0
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(202720);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");
script_cve_id("CVE-2024-20296");
script_xref(name:"CISCO-BUG-ID", value:"CSCwh97876");
script_xref(name:"CISCO-SA", value:"cisco-sa-ise-file-upload-krW2TxA9");
script_xref(name:"IAVA", value:"2024-A-0414-S");
script_name(english:"Cisco Identity Services Engine Arbitrary File Upload (cisco-sa-ise-file-upload-krW2TxA9)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Identity Services Engine Arbitrary File Upload is affected by a
vulnerability.
- A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow
an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this
vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This
vulnerability is due to improper validation of files that are uploaded to the web-based management
interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected
device. A successful exploit could allow the attacker to store malicious files on the system, execute
arbitrary commands on the operating system, and elevate privileges to root. (CVE-2024-20296)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0a5ee5de");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh97876");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwh97876");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-20296");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(434);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/07/17");
script_set_attribute(attribute:"patch_publication_date", value:"2024/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/07/19");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ise_detect.nbin");
script_require_keys("Host/Cisco/ISE/version");
exit(0);
}
include('ccf.inc');
include('cisco_ise_func.inc');
var product_info = cisco::get_product_info(name:'Cisco Identity Services Engine Software');
var vuln_ranges = [
{'min_ver':'0.0', 'fix_ver':'3.1.0.518', required_patch:'10'},
{'min_ver':'3.2', 'fix_ver':'3.2.0.542', required_patch:'7'},
{'min_ver':'3.3', 'fix_ver':'3.3.0.430', required_patch:'3'},
];
var required_patch = get_required_patch(vuln_ranges:vuln_ranges, version:product_info['version']);
var reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'version' , product_info['version'],
'bug_id' , 'CSCwh97876',
'disable_caveat', TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges,
required_patch: required_patch
);